[CTI] Adds links for threat.indicator.event url and reference on Summary Tab #96323
…ary Tab Closes elastic/security_team#967
@elasticmachine merge upstream
LGTM 👍
export const SIGNAL_RULE_NAME_FIELD_NAME = 'signal.rule.name'; | ||
export const SIGNAL_STATUS_FIELD_NAME = 'signal.status'; | ||
export const THREAT_INDICATOR_EVENT_URL_FIELD_NAME = 'threat.indicator.event.url'; |
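Review bot: The last line shown defines a constant only for 'threat.indicator.event.url', while the PR title also covers the reference field. If the reference link is built from a field name as well, add a matching *_FIELD_NAME constant next to this one rather than an inline string at the use site, so both link fields are named in one place.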
Do you think I should remove these on my row renderer PR? I've got them in common/cti/constants
so we could certainly consolidate this.
Consolidating them is a great idea. I can create a mini chore ticket to tackle this once both of our PRs are merged. I am currently killing this one for an updated implementation as a part of #998.
@elasticmachine merge upstream
💛 Build succeeded, but was flaky
Test Failures
Kibana Pipeline / general / "before all" hook for "should contain the right query". Timeline query tab Query tab "before all" hook for "should contain the right query"
To update your PR or re-run it, just comment with: cc @ecezalp
Closing this PR as the event fields are no longer present on the Threat Summary view (as per the new ACs of elastic/security-team#998). A similar change will be implemented for #998 for the Threat Details section of the Threat Intel tab.
Closes elastic/security-team#967
Note: To test this change, #909 must be merged first.