[Security Solution][One Discover] Migrate host flyout subcomponents#3
Open
kelvtanv wants to merge 21 commits into
Open
[Security Solution][One Discover] Migrate host flyout subcomponents#3kelvtanv wants to merge 21 commits into
kelvtanv wants to merge 21 commits into
Conversation
kelvtanv
changed the title
Split the unified CspInsights tool (which wrapped InsightsTabCsp with a tab strip) into three standalone tools — MisconfigurationInsights, VulnerabilityInsights, AlertsInsights — each rendering a single table component. openDetailsPanel in main/index.tsx now switches on path.subTab within CSP_INSIGHTS to open the matching tool. Added hideHeaderIcon to MisconfigurationsPreview and VulnerabilitiesPreview (matching AlertsPreview's existing prop) so v2 callers can suppress the chevron icon; EntityInsight threads hideMisconfigurationsHeaderIcon and hideVulnerabilitiesHeaderIcon down to those previews. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds hardcoded fixture rows to MisconfigurationInsights and VulnerabilityInsights tools so the components render visibly without a running Elasticsearch. Also wires mockMisconfigurationFindings / mockVulnerabilitiesFindings flags through the v2 host flyout so the EntityInsight previews show even when no real findings exist. Revert this commit to strip all dev scaffolding before shipping. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
kelvtanv
force-pushed
the
migrate-host-risk-summary
branch
from
d5a35f1 to
94cf444
Compare
kelvtanv
force-pushed
the
migrate-host-risk-summary
branch
from
88c1cf8 to
87be8c7
Compare
…ols" This reverts commit 94cf444.
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Migrates host flyout subcomponents from the v1 expandable flyout to the v2 system-flyout architecture used in One Discover, including new host “tool” panels and shared header/title refactors.
Changes:
- Adds host v2 tool panels (risk inputs + CSP insights) and routes “details” clicks to open them as system flyouts.
- Refactors shared tools flyout header/title by extracting document-title derivation and “open child document flyout” behavior into
useDocumentFlyoutTitle. - Extends entity/observed-data rendering to support clickable field values that open related flyouts, including passing a
hitfor entity resolution.
Reviewed changes
Copilot reviewed 48 out of 48 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| x-pack/solutions/security/plugins/security_solution/public/timelines/components/timeline/body/renderers/host_name.tsx | Switches to v2 document flyout defaults + history key selection for host flyouts from timeline. |
| x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/host_cell_renderer.tsx | Opens host v2 flyout from One Discover cells and passes hit for entity resolution. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/utils/build_flyout_content.tsx | Allows passing hit through to Host flyout for better entity resolution. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/utils/build_flyout_content.test.tsx | Adds coverage for passing hit into Host content. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/tools/notes/index.tsx | Adopts useDocumentFlyoutTitle for tools header context rendering. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/hooks/use_document_flyout_title.tsx | New hook encapsulating document title/icon/badge/timestamp derivation + child document flyout open. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_title.tsx | Simplifies title component to a pure “button-like” view; behavior moved to hook. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_title.test.tsx | Updates tests to match simplified title component API. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_header.tsx | Makes header reusable across entity/document contexts via explicit label/icon/click props. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_header.test.tsx | Updates tests for new optional “source context” props. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/open_flyout_link.tsx | Passes hit into buildFlyoutContent so entity flyouts can resolve entity ids. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/flyout_provider.tsx | Adds ML capabilities provider and time-range sync into the flyout provider tree. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/vulnerability_insights/test_ids.ts | Adds test id constant for vulnerability insights tool panel. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/vulnerability_insights/index.tsx | New host tool panel for vulnerabilities + expand-to-details behavior via system flyout. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/risk_inputs/test_ids.ts | Adds test id constant for risk inputs tool panel. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/risk_inputs/index.tsx | New host tool panel that embeds RiskInputsTab in v2 flyout context. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/misconfiguration_insights/test_ids.ts | Adds test id constant for misconfiguration insights tool panel. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/misconfiguration_insights/index.tsx | New host tool panel for misconfigurations + expand-to-details behavior via system flyout. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/alerts_insights/test_ids.ts | Adds test id constant for alerts insights tool panel. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/alerts_insights/index.tsx | New host tool panel for alerts + expand-to-document behavior via system flyout. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/index.tsx | Adds hit support, tool routing (openDetailsPanel), and “open host as child” callback. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/content.tsx | Adds hideHeaderIcons wiring for v2 contexts. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/components/observed_data_section.tsx | Adds v2 link renderer for observed entity fields. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/threat_intelligence/index.tsx | Adopts useDocumentFlyoutTitle for tools header context rendering. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/session_view/index.tsx | Adopts useDocumentFlyoutTitle and forwards cell-actions/alert-update callbacks. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/response/index.tsx | Adopts useDocumentFlyoutTitle for tools header context rendering. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/prevalence/index.tsx | Adopts useDocumentFlyoutTitle for tools header context rendering. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/investigation_guide/index.tsx | Adopts useDocumentFlyoutTitle for tools header context rendering. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/index.tsx | Adopts useDocumentFlyoutTitle for tools header context rendering. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/analyzer/index.tsx | Adopts useDocumentFlyoutTitle and forwards cell-actions/alert-update callbacks. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/highlighted_fields_cell.tsx | Passes hit into flyout link renderer to support entity resolution for v2 links. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/highlighted_fields.tsx | Propagates hit to highlighted field cells for v2 link rendering. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/csp_details/vulnerability_panel.tsx | New system-flyout-compatible vulnerability details panel. |
| x-pack/solutions/security/plugins/security_solution/public/flyout_v2/csp_details/misconfiguration_panel.tsx | New system-flyout-compatible misconfiguration details panel. |
| x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/observed_entity/index.tsx | Adds optional link renderer pass-through to entity table. |
| x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/entity_table/types.ts | Adds EntityTableLinkRenderer type to support custom link wrapping. |
| x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/entity_table/index.tsx | Threads link renderer to column builder. |
| x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/entity_table/columns.tsx | Wraps values with provided link renderer (or falls back to PreviewLink). |
| x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/risk_summary_flyout/risk_summary.tsx | Adds option to hide header icon in v2 contexts. |
| x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_details_flyout/tabs/risk_inputs/risk_inputs_tab.tsx | Adds v2 mode to open full document flyout instead of v1 preview panel when needed. |
| x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_details_flyout/hooks/use_risk_input_actions_panels.tsx | Hides timeline actions when outside the Security app. |
| x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/vulnerabilities/vulnerabilities_preview.tsx | Adds prop to hide header chevron icon for v2 navigation. |
| x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/misconfiguration/misconfiguration_preview.tsx | Adds prop to hide header chevron icon for v2 navigation. |
| x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/entity_insight.tsx | Threads hideHeaderIcons down to CSP preview subcomponents. |
| x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/csp_details/vulnerabilities_findings_details_table.tsx | Adds optional callback to override expand behavior for system-flyout contexts. |
| x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/csp_details/misconfiguration_findings_details_table.tsx | Adds optional callback to override expand behavior for system-flyout contexts. |
| x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/csp_details/alerts_findings_details_table.tsx | Adds optional callback to override expand behavior for system-flyout contexts. |
| x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/alerts/alerts_preview.tsx | Adds prop to hide header chevron icon for v2 navigation. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
PhilippeOberti
approved these changes
May 26, 2026
PhilippeOberti
left a comment
PhilippeOberti
left a comment
There was a problem hiding this comment.
Left a few comments. Most of them are a bit subjective. They can be fixed later if you want to move forward as this isn't merged to main right away
| entityName: string; | ||
| scopeId: string; | ||
| entityId?: string; | ||
| isInV2Flyout?: boolean; |
There was a problem hiding this comment.
Do you think we need this new prop or couldn't we derive this from the newFlyoutSystemEnabled fearture flag?
Owner
Author
There was a problem hiding this comment.
We could but in the case of when newFlyoutSystemEnabled is true, and they open the old flyout i.e. via the notes button on the alerts table, it will open the new flyout when it shouldn't. But this is an edge case and if we're ok with that then we can change it.
| /** | ||
| * Syncs Kibana's global time filter to the Security Solution Redux store on mount. | ||
| */ | ||
| const TimeRangeSync: FC<{ children: ReactNode }> = ({ children }) => { |
There was a problem hiding this comment.
I understand why we have to do this and it's totally ok for now, but do you see a more robust solution for the future?
Owner
Author
There was a problem hiding this comment.
I'm not really sure what you mean by robust?
There was a problem hiding this comment.
I think I understand a bit more now what you are trying to do with the header. I see now that some tools headers will be very different from others.
I feel like we could make the distinction a bit clearer. Until now we've only had tools flyouts for documents. This would be the first non-document tools flyout, if I'm not mistaken.
What do you think about approaching this a bit differently? One idea: what if we had different toold_flyout_header components? One for documents, one for entities, one for something else?
I'll let you decide what you prefer. I'm not sold on anything, I just feel like it might be better to have those multiple defined components rather that one big generic component that has a bunch of optional props?
| /** | ||
| * The source document record. When provided, enables entity resolution for host/user flyouts. | ||
| */ | ||
| hit?: DataTableRecord; |
There was a problem hiding this comment.
Similar here I feel like there could be a better way to handle this, but I can't come with one at the moment. So maybe we keep what you have and we can keep thinking about an improvement (if there is one)?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes elastic#265876
Adds the host flyout subcomponents to the v2 flyout. Do not move any files outside of the v1 folder, but rather compose those components (i.e. VulnerabilitiesFindingsDetailsTable) and make changes only when absolutely necessary (i.e. use new open flyout method and spacing).
TODO as follow ups
Testing
Pre-req: have some rules and alerts
yarn start csp --data-sources all --findings-count 50)Changes by Code Owner
@elastic/security-threat-hunting
Implements the core v2 host flyout infrastructure:
flyout_v2/entity/host/tools/) that render in the v2 flyout's tool area when users click into detail sections from the host main paneluseDocumentFlyoutTitlehook (flyout_v2/shared/hooks/), making the header component reusable for entity flyouts that need different title formatsopenDetailsPanelin the host main panel to route CSP insight clicks (alerts, misconfigurations, vulnerabilities) to the appropriate new tool panels@elastic/contextual-security-apps
Adapts CSP components for v2 flyout compatibility:
hideHeaderIconprop: CSP preview components (Alerts, Misconfigurations, Vulnerabilities) now accept a prop to hide the chevron icon, since v2 flyout uses a different navigation patternalerts_findings_details_table,misconfiguration_findings_details_table,vulnerabilities_findings_details_table) now accept optional callback props (onExpandAlert,onExpandFinding,onExpandVulnerability) to customize expand behavior in v2 flyout contextsflyout_v2/csp_details/) for rendering CSP findings within the v2 flyout@elastic/security-entity-analytics
RiskInputsTabto support rendering within the v2 flyout context viaisInV2Flyoutprop, with conditional hiding of "Add to timeline" action when outside the Security app🤖 Generated partially with Claude Code