@stephmilovic
Contributor

Summary

I incorrectly believed that adding the scopeId={SourcererScopeName.detections} property to the VisualizationEmbeddable component would filter the queries on the value report page to search only the alerts index. However, useDataView(SourcererScopeName.detections) actually returns the full security solution data view. In order to only search the signals index, I added signal index filtering to all the AI value report lens visualizations. I also introduced a hook to provide a default signal index name, as useSignalIndex() can return { signalIndexName: null }.

Steps to reproduce

  1. Be in serverless complete with admin or soc_manager role. Have alerts data and attack discoveries. Have additional non-alert events (I used yarn start generate-logs with security-documents-generator).
  2. Navigate to value reports

Before fix:
The cost savings metric did not match the cost savings in the description. Additionally, time saved, alert filtering rate, and cost savings trend were incorrect.

After fix:
The cost savings metric matches the cost savings in the description. Time saved, alert filtering rate, and cost savings trend are now accurate.

Changes

  • New helper function (helpers.ts): getAlertIndexFilter creates index filters for lens attributes
  • Updated lens attributes functions: Added signalIndexName parameter and integrated getAlertIndexFilter in:
    • alert_filtering_metric.ts
    • cost_savings_metric.ts
    • time_saved_metric.ts
    • cost_savings_trend_area.ts
  • New hook (use_signal_index_with_default.tsx): Returns signal index name with fallback to .alerts-security.alerts-{spaceId}
  • Updated React components: Components now use useSignalIndexWithDefault to get alerts index name
  • Fixed translation: Updated statType value to be correct
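
An added sketch of the scoping this PR describes, not code from the Kibana repository: it shows why a metric counted over a broad data view differs from one restricted to the alerts index, and how a null signal index name is handled. The function names, the filter shape, the string-equality matcher and the sample documents are assumptions constructed for illustration; only the fallback pattern .alerts-security.alerts-{spaceId} comes from the PR text.

```typescript
// Added example; every name here is a hypothetical stand-in, not Kibana code.
interface Doc { _index: string; message: string }

interface IndexFilter {
  meta: { key: string; type: 'phrase'; negate: boolean; disabled: boolean };
  query: { match_phrase: { _index: string } };
}

// The signal index lookup can yield null, so fall back to the default alerts
// index name for the space, as the PR states: .alerts-security.alerts-{spaceId}
function resolveSignalIndexName(signalIndexName: string | null, spaceId: string): string {
  return signalIndexName ?? `.alerts-security.alerts-${spaceId}`;
}

// Phrase filter on _index (assumed shape) attached to each visualization.
function buildAlertIndexFilter(signalIndexName: string): IndexFilter {
  return {
    meta: { key: '_index', type: 'phrase', negate: false, disabled: false },
    query: { match_phrase: { _index: signalIndexName } },
  };
}

// Local stand-in for query evaluation (plain string equality on _index):
// a document is counted only if it satisfies every enabled filter.
function countDocs(docs: Doc[], filters: IndexFilter[]): number {
  return docs.filter((doc) =>
    filters.every((f) => {
      if (f.meta.disabled) return true;
      const hit = doc._index === f.query.match_phrase._index;
      return f.meta.negate ? !hit : hit;
    })
  ).length;
}

// Constructed sample: what a broad data view sees (alerts plus ordinary events).
const SAMPLE_DOCS: Doc[] = [
  { _index: '.alerts-security.alerts-default', message: 'alert A' },
  { _index: '.alerts-security.alerts-default', message: 'alert B' },
  { _index: 'logs-endpoint.events.process-default', message: 'process start' },
  { _index: 'logs-system.auth-default', message: 'ssh login' },
  { _index: 'filebeat-8.0.0', message: 'generated log line' },
];

const alertsIndex = resolveSignalIndexName(null, 'default');
const unscoped = countDocs(SAMPLE_DOCS, []); // whole data view
const scoped = countDocs(SAMPLE_DOCS, [buildAlertIndexFilter(alertsIndex)]); // alerts only
console.log({ alertsIndex, unscoped, scoped });
```
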

@stephmilovic stephmilovic requested a review from a team as a code owner November 3, 2025 18:17
@stephmilovic stephmilovic added the release_note:skip Skip the PR/issue when compiling release notes label Nov 3, 2025
@stephmilovic stephmilovic added backport:skip This PR does not require backporting Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Security Generative AI Security Generative AI labels Nov 3, 2025
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Contributor

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #76 / Agents fleet_list_agent should return metrics if available and called with withMetrics
  • [job] [logs] Scout Test Run Builder / serverless-security - EUI testing wrapper: EuiDataGrid - data grid, run
  • [job] [logs] Jest Integration Tests #15 / workflow level timeout should invoke connector only 3 times timeout
  • [job] [logs] Jest Integration Tests #15 / workflow with wait step when duration is short should wait for the specified duration between firstConnectorStep and lastConnectorStep

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 8318 8320 +2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 11.0MB 11.0MB +742.0B

@angorayc angorayc self-requested a review November 4, 2025 14:54
Contributor

@angorayc angorayc left a comment

LGTM

@stephmilovic stephmilovic merged commit 3e0198d into elastic:main Nov 4, 2025
12 checks passed
wildemat pushed a commit to wildemat/kibana that referenced this pull request Nov 5, 2025
viduni94 pushed a commit to viduni94/kibana that referenced this pull request Nov 5, 2025
Labels

backport:skip This PR does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Security Generative AI Security Generative AI Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v9.3.0
