[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-11-27 Thread asfgit
Github user asfgit closed the pull request at:

https://github.com/apache/metron/pull/803


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-11-21 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r152311299
  
--- Diff: 
metron-interface/metron-alerts/e2e/alerts-list/meta-alerts/meta-alert.po.ts ---
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {browser, element, by} from 'protractor';
+
+export class MetaAlertPage {
+
+  getPageTitle() {
+return element(by.css('app-meta-alerts .form-title')).getText();
+  }
+
+  getMetaAlertsTitle() {
+return element(by.css('app-meta-alerts .title')).getText();
+  }
+
+  getAvailableMetaAlerts() {
+return element(by.css('app-meta-alerts .guid-name-container 
div')).getText();
+  }
+
+  selectRadio() {
+return element.all(by.css('app-meta-alerts .checkmark')).click();
+  }
+
+  addToMetaAlert() {
+
element.all(by.css('app-meta-alerts')).get(0).element(by.buttonText('ADD')).click();
+browser.sleep(2000);
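Review bot: `addToMetaAlert()` ends with a fixed `browser.sleep(2000)` and, unlike the getters above it, does not return the promise from `click()`. A fixed delay is either wasted time or too short on a loaded CI host, which shows up as intermittent failures. Wait for the state the test checks next (for example with `browser.wait` and a Protractor `ExpectedConditions` predicate) and return that promise so callers can chain on it.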
--- End diff --

There are several sleep statements throughout the e2e tests.  I would be OK 
with cleaning them all up in a follow-on PR.  


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-11-21 Thread justinleet
Github user justinleet commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r152310478
  
--- Diff: 
metron-interface/metron-alerts/e2e/alerts-list/meta-alerts/meta-alert.po.ts ---
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {browser, element, by} from 'protractor';
+
+export class MetaAlertPage {
+
+  getPageTitle() {
+return element(by.css('app-meta-alerts .form-title')).getText();
+  }
+
+  getMetaAlertsTitle() {
+return element(by.css('app-meta-alerts .title')).getText();
+  }
+
+  getAvailableMetaAlerts() {
+return element(by.css('app-meta-alerts .guid-name-container 
div')).getText();
+  }
+
+  selectRadio() {
+return element.all(by.css('app-meta-alerts .checkmark')).click();
+  }
+
+  addToMetaAlert() {
+
element.all(by.css('app-meta-alerts')).get(0).element(by.buttonText('ADD')).click();
+browser.sleep(2000);
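Review bot: `selectRadio()` calls `element.all(by.css('app-meta-alerts .checkmark')).click()`, which clicks every matching checkmark in turn instead of one chosen radio. With more than one meta alert listed, the final selection is whichever element happens to be clicked last, so the test outcome depends on list order. Take an index (or name) parameter and click a single element, e.g. `.get(index).click()`.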
--- End diff --

@iraghumitra any thoughts on this?


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-11-20 Thread iraghumitra
Github user iraghumitra commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r151964471
  
--- Diff: 
metron-interface/metron-alerts/src/app/alerts/alert-details/alert-details.component.scss
 ---
@@ -143,3 +167,12 @@ textarea {
 .comment-container:hover i {
   display: block;
 }
+
+.input-group-addon {
+  cursor: pointer;
+}
+
+.disabled {
+  opacity: 0.5;
+  cursor: not-allowed;
+}
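Review bot: the new `.disabled` rule changes appearance only (`opacity: 0.5`, `cursor: not-allowed`); nothing in it stops a click from reaching the element's handler. If the control must not act while it looks disabled, the component has to check that state in the handler or set the real `disabled` attribute where the element supports it, so the style and the behaviour cannot drift apart.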
--- End diff --

Added newline


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-30 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r147853082
  
--- Diff: 
metron-interface/metron-alerts/e2e/alerts-list/tree-view/tree-view.po.ts ---
@@ -159,4 +159,34 @@ export class TreeViewPage {
   return column.getText();
 });
   }
+
+  clickOnMergeAlerts(groupName: string) {
+return element(by.css('[data-name="' + groupName + '"] 
.fa-link')).click();
+  }
+
+  getConfirmationText() {
+browser.sleep(1000);
+let dialogElement = element(by.css('.metron-dialog .modal-header 
.close'));
+return waitForElementVisibility(dialogElement).then(() =>  
element(by.css('.metron-dialog .modal-body')).getText());
+  }
+
+  clickNoForConfirmation() {
+browser.sleep(1000);
+let dialogElement = element(by.css('.metron-dialog .modal-header 
.close'));
+let maskElement = element(by.css('.modal-backdrop.fade'));
+waitForElementVisibility(dialogElement).then(() => 
element(by.css('.metron-dialog')).element(by.buttonText('Cancel')).click())
+.then(() => waitForElementInVisibility(maskElement));
+  }
+
+  clickYesForConfirmation() {
+browser.sleep(1000);
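Review bot: `clickNoForConfirmation()` builds a promise chain (`waitForElementVisibility(dialogElement).then(...).then(...)`) but does not return it, while `getConfirmationText()` directly above returns its chain. Return the chain here as well so a spec can wait on the backdrop disappearing before its next step, and keep the return style consistent across the page object.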
--- End diff --

Is this sleep statement absolutely necessary?


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-30 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r147853051
  
--- Diff: 
metron-interface/metron-alerts/e2e/alerts-list/tree-view/tree-view.po.ts ---
@@ -159,4 +159,34 @@ export class TreeViewPage {
   return column.getText();
 });
   }
+
+  clickOnMergeAlerts(groupName: string) {
+return element(by.css('[data-name="' + groupName + '"] 
.fa-link')).click();
+  }
+
+  getConfirmationText() {
+browser.sleep(1000);
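Review bot: in `clickOnMergeAlerts`, `groupName` is concatenated straight into the attribute selector `'[data-name="' + groupName + '"] .fa-link'`. A value containing a double quote or a backslash yields an invalid or a different selector, and the failure will look like a missing element. Escape the value before building the selector, or locate the row by filtering elements on the attribute value.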
--- End diff --

Is this sleep statement absolutely necessary?


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-30 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r147853067
  
--- Diff: 
metron-interface/metron-alerts/e2e/alerts-list/tree-view/tree-view.po.ts ---
@@ -159,4 +159,34 @@ export class TreeViewPage {
   return column.getText();
 });
   }
+
+  clickOnMergeAlerts(groupName: string) {
+return element(by.css('[data-name="' + groupName + '"] 
.fa-link')).click();
+  }
+
+  getConfirmationText() {
+browser.sleep(1000);
+let dialogElement = element(by.css('.metron-dialog .modal-header 
.close'));
+return waitForElementVisibility(dialogElement).then(() =>  
element(by.css('.metron-dialog .modal-body')).getText());
+  }
+
+  clickNoForConfirmation() {
+browser.sleep(1000);
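Review bot: `getConfirmationText()` sleeps for a fixed second and then calls `waitForElementVisibility(dialogElement)` anyway. The explicit wait already covers the dialog appearing, so the `browser.sleep(1000)` only adds a second per call, and the same pattern opens `clickNoForConfirmation()`. Drop the sleep, or if the wait alone is not sufficient, add a comment saying what the sleep is compensating for.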
--- End diff --

Is this sleep statement absolutely necessary?


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-26 Thread justinleet
Github user justinleet commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r147152861
  
--- Diff: 
metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.ts
 ---
@@ -337,12 +343,67 @@ export class TreeViewComponent extends 
TableViewComponent implements OnChanges {
 });
   }
 
+  canCreateMetaAlert(count: number) {
+if (count > 999) {
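Review bot: `if (count > 999)` hard-codes the limit as a bare literal, and `canCreateMetaAlert` declares no return type. Move the value into a named constant with a comment on where the number comes from, so a later change to the limit happens in one place, and declare the return type explicitly.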
--- End diff --

@james-sirota You'd know a bit more about the practical usage pattern than 
I would.  Do you have any input on this limit?  I'm guessing we could/should 
probably drop it a bit to give ourselves a bit more safety factor (e.g. 200?), 
assuming that fits a practical pattern.


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-26 Thread iraghumitra
GitHub user iraghumitra reopened a pull request:

https://github.com/apache/metron/pull/803

Metron-1252: Build ui for grouping alerts into meta alerts

## Contributor Comments
The purpose of the PR is to provide a GUI for grouping multiple alerts into a 
meta alert; the REST API for this is already available via 
[METRON-1158](https://issues.apache.org/jira/browse/METRON-1158).

The current implementation has the following features:

-  Meta alert can be created from the tree view of alerts
-  Meta alerts can be viewed in the table view
   -  The meta alert has a link icon on the left to denote that it is a meta alert
   -  The meta alert has an expand/collapse icon to see all the alerts within it
   -  The meta alert has a cumulative score (more on how this score is calculated is available in the original ticket)
-  Support to add/remove an alert to the meta alert from the table view
-  Change the state of meta alert
-  Add comments to a meta alert
-  Option to name a meta alert (This is just a convenience to refer to alerts)

**Limitations**

- Meta alerts cannot be viewed in the tree view
- Adding comments/Status change is restricted to just meta alerts. You cannot perform these actions on alerts contained in a meta alert
- A meta alert can contain only 999 alerts
- Delete of the entire meta alert is not supported yet

**Next**
 - It will be nice to have a notification when entities are changed in the UI

I noticed that search on GUID was not working before I fixed it in this PR.

~E2E tests are incoming. I wanted to check if the community has any suggestion on this.~

~PS: I had to comment one of the test cases since sort by guid is broken. I will raise a ticket for it~



## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.  
Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  


In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
 
- [x] Does your PR title start with METRON- where  is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?

### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
- [x] Have you included steps or a guide to how the change may be verified 
and tested manually?
- [x] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && build_utils/verify_licenses.sh 
  ```

- [ ] Have you written or updated unit tests and or integration tests to 
verify your changes?
- [x] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)? 
- [x] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:

  ```
  cd site-book
  mvn site
  ```

 Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your 

[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-26 Thread iraghumitra
Github user iraghumitra closed the pull request at:

https://github.com/apache/metron/pull/803


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-25 Thread iraghumitra
Github user iraghumitra commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r146991821
  
--- Diff: 
metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.ts
 ---
@@ -337,12 +343,67 @@ export class TreeViewComponent extends 
TableViewComponent implements OnChanges {
 });
   }
 
+  canCreateMetaAlert(count: number) {
+if (count > 999) {
--- End diff --

Ah ok, I was able to add 999 from my full-dev. What is your suggestion on 
the number of meta alerts, 350 or 500?

We are not validating the size when users try to add a few more alerts to 
meta alerts. If you confirm the possible number I will add it too.

Can I limit it to 350 for now?


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-25 Thread justinleet
Github user justinleet commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r146979225
  
--- Diff: 
metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.ts
 ---
@@ -337,12 +343,67 @@ export class TreeViewComponent extends 
TableViewComponent implements OnChanges {
 });
   }
 
+  canCreateMetaAlert(count: number) {
+if (count > 999) {
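Review bot: `canCreateMetaAlert(count)` is a check inside the browser component, so it only constrains requests that go through this UI. If exceeding the limit causes failures downstream, the same bound has to be enforced by the service that accepts the request; treat this method as a usability hint and not as the control.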
--- End diff --

Do we prevent users from adding enough alerts to go over the limit?  E.g. 
if I have 995 alerts and I try to add 20 more, will the UI prevent it?


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-25 Thread justinleet
Github user justinleet commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r146964503
  
--- Diff: 
metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.ts
 ---
@@ -337,12 +343,67 @@ export class TreeViewComponent extends 
TableViewComponent implements OnChanges {
 });
   }
 
+  canCreateMetaAlert(count: number) {
+if (count > 999) {
--- End diff --

Given the practical restriction detailed at 
https://issues.apache.org/jira/browse/METRON-1279, does this limit need to be 
lowered?  I've seen ~350 work without issues, personally.  Obviously, given the 
way the update works, I'm not sure we can ever guarantee a fixed limit, but 
even 500 seems really likely to blow up.


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-23 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r146267005
  
--- Diff: metron-interface/metron-alerts/src/app/service/update.service.ts 
---
@@ -38,22 +41,27 @@ export class UpdateService {
 
   constructor(private http: Http) { }
 
-  public patch(patchRequest: PatchRequest): Observable<{}> {
+  public patch(patchRequest: PatchRequest, fireChangeListner = true): 
Observable<{}> {
 let url = '/api/v1/update/patch';
 return this.http.patch(url, patchRequest, new RequestOptions({headers: 
new Headers(this.defaultHeaders)}))
 .catch(HttpUtil.handleError)
 .map(result => {
-  this.alertChangedSource.next(patchRequest);
+  if (fireChangeListner) {
+this.alertChangedSource.next(patchRequest);
+  }
   return result;
 });
   }
 
-  public updateAlertState(alerts: Alert[], state: string): Observable<{}> {
+  public updateAlertState(alerts: Alert[], state: string, 
fireChangeListner = true): Observable<{}> {
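Review bot: in `patch`, the conditional `this.alertChangedSource.next(patchRequest)` is a side effect placed inside `.map`, whose callback then returns `result` unchanged. Using a transform operator for a notification hides the fact that subscribers of `alertChangedSource` are triggered from here; move it to the side-effect operator (`do` in this RxJS style) so `.map` is not needed at all, and keep the `fireChangeListner` condition there.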
--- End diff --

I agree with you and I think that's a good approach.  The problem is you're 
not actually using that variable in this method.  Maybe you meant to pass it to 
`this.patch(patchRequest)` on line 69?


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-23 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r146265870
  
--- Diff: 
metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.ts
 ---
@@ -0,0 +1,101 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * 'License'); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an 'AS IS' BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { Component, OnInit } from '@angular/core';
+import {Router} from '@angular/router';
+
+import {MetaAlertService} from '../../service/meta-alert.service';
+import {UpdateService} from '../../service/update.service';
+import {SearchRequest} from '../../model/search-request';
+import {SearchService} from '../../service/search.service';
+import {SearchResponse} from '../../model/search-response';
+import {SortField} from '../../model/sort-field';
+import {META_ALERTS_INDEX} from '../../utils/constants';
+import {AlertSource} from '../../model/alert-source';
+import {PatchRequest} from '../../model/patch-request';
+import {Patch} from '../../model/patch';
+
+@Component({
+  selector: 'app-meta-alerts',
+  templateUrl: './meta-alerts.component.html',
+  styleUrls: ['./meta-alerts.component.scss']
+})
+export class MetaAlertsComponent implements OnInit {
+
+  selectedMetaAlert = '';
+  searchResponse: SearchResponse = new SearchResponse();
+
+  constructor(private router: Router,
+  private metaAlertService: MetaAlertService,
+  private updateService: UpdateService,
+  private searchService: SearchService) {
+  }
+
+  goBack() {
+this.router.navigateByUrl('/alerts-list');
+return false;
+  }
+
+  ngOnInit() {
+let searchRequest = new SearchRequest();
+searchRequest.query = '*';
+searchRequest.from = 0;
+searchRequest.size = 999;
+searchRequest.facetFields = [];
+searchRequest.indices =  [META_ALERTS_INDEX];
+searchRequest.sort = [new SortField('threat:triage:score', 'desc')];
+searchRequest.fields = ['id', 'alert_status', 'threat:triage:score', 
'count', 'guid', 'name'];
+
+this.searchService.search(searchRequest).subscribe(resp => 
this.searchResponse = resp);
+  }
+
+  doAddAlertToMetaAlert(alertSources: AlertSource[]) {
+let patchRequest = new PatchRequest();
+patchRequest.guid = this.selectedMetaAlert;
+patchRequest.sensorType = 'metaalert';
+patchRequest.index = META_ALERTS_INDEX;
+patchRequest.patch = [new Patch('replace', 'alert', alertSources)];
+
+this.updateService.patch(patchRequest).subscribe(rep => {
+  console.log('Meta alert saved');
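Review bot: `ngOnInit` requests meta alerts with `searchRequest.query = '*'` and a hard-coded `searchRequest.size = 999`, and its `subscribe` call passes only a success callback. Once more than 999 meta alerts exist the list is silently truncated, and a failed search leaves the view empty with no indication why. Page the results or show that the list is capped, and add an error callback.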
--- End diff --

If you are planning on replacing that with something in the future then I'm 
ok with it.


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-23 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r146265654
  
--- Diff: 
metron-interface/metron-alerts/e2e/alerts-list/tree-view/tree-view.e2e-spec.ts 
---
@@ -175,7 +175,7 @@ describe('metron-alerts tree view', function () {
   });
 
 
-  it('should have sort working for group details for multiple sub groups', 
() => {
+  xit('should have sort working for group details for multiple sub 
groups', () => {
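Review bot: switching `it` to `xit` disables this test with no comment or ticket reference beside it, so nothing in the file says why it is skipped or when it should come back. Add a one-line comment naming the tracking issue, or keep the test active against a field whose sort works.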
--- End diff --

Can you sort on a different field instead?  Timestamp maybe?  I don't think 
the right answer is to just disable the test.


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-23 Thread iraghumitra
Github user iraghumitra commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r146205224
  
--- Diff: 
metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.ts
 ---
@@ -0,0 +1,101 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * 'License'); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an 'AS IS' BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { Component, OnInit } from '@angular/core';
+import {Router} from '@angular/router';
+
+import {MetaAlertService} from '../../service/meta-alert.service';
+import {UpdateService} from '../../service/update.service';
+import {SearchRequest} from '../../model/search-request';
+import {SearchService} from '../../service/search.service';
+import {SearchResponse} from '../../model/search-response';
+import {SortField} from '../../model/sort-field';
+import {META_ALERTS_INDEX} from '../../utils/constants';
+import {AlertSource} from '../../model/alert-source';
+import {PatchRequest} from '../../model/patch-request';
+import {Patch} from '../../model/patch';
+
+@Component({
+  selector: 'app-meta-alerts',
+  templateUrl: './meta-alerts.component.html',
+  styleUrls: ['./meta-alerts.component.scss']
+})
+export class MetaAlertsComponent implements OnInit {
+
+  selectedMetaAlert = '';
+  searchResponse: SearchResponse = new SearchResponse();
+
+  constructor(private router: Router,
+  private metaAlertService: MetaAlertService,
+  private updateService: UpdateService,
+  private searchService: SearchService) {
+  }
+
+  goBack() {
+this.router.navigateByUrl('/alerts-list');
+return false;
+  }
+
+  ngOnInit() {
+let searchRequest = new SearchRequest();
+searchRequest.query = '*';
+searchRequest.from = 0;
+searchRequest.size = 999;
+searchRequest.facetFields = [];
+searchRequest.indices =  [META_ALERTS_INDEX];
+searchRequest.sort = [new SortField('threat:triage:score', 'desc')];
+searchRequest.fields = ['id', 'alert_status', 'threat:triage:score', 
'count', 'guid', 'name'];
+
+this.searchService.search(searchRequest).subscribe(resp => 
this.searchResponse = resp);
+  }
+
+  doAddAlertToMetaAlert(alertSources: AlertSource[]) {
+let patchRequest = new PatchRequest();
+patchRequest.guid = this.selectedMetaAlert;
+patchRequest.sensorType = 'metaalert';
+patchRequest.index = META_ALERTS_INDEX;
+patchRequest.patch = [new Patch('replace', 'alert', alertSources)];
+
+this.updateService.patch(patchRequest).subscribe(rep => {
+  console.log('Meta alert saved');
+  this.goBack();
+});
+  }
+
+  addAlertToMetaAlert() {
+let searchRequest = new SearchRequest();
+searchRequest.query = 'guid:"' + this.selectedMetaAlert + '"';
+searchRequest.from = 0;
+searchRequest.size = 1;
+searchRequest.facetFields = [];
+searchRequest.indices =  [META_ALERTS_INDEX];
+searchRequest.sort = [];
+searchRequest.fields = [];
+
+this.searchService.search(searchRequest).subscribe((searchResponse: 
SearchResponse) => {
+  if (searchResponse.results.length === 1) {
+searchResponse.results[0].source.alert = 
[...searchResponse.results[0].source.alert,
+  
...this.metaAlertService.selectedAlerts.map(alert => alert.source)];
+this.doAddAlertToMetaAlert(searchResponse.results[0].source.alert);
+  } else {
+console.log('Unable to get a single meta alert');
+  }
+});
+console.log(this.selectedMetaAlert);
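Review bot: `addAlertToMetaAlert` reads the meta alert with a search, appends the selected alerts in the browser, and `doAddAlertToMetaAlert` then sends the whole array back as `new Patch('replace', 'alert', alertSources)`. Any change made to the same meta alert between the search and the patch is overwritten, and the merged array is neither de-duplicated nor checked for size before it is sent. Prefer an add operation performed on the server, or at least verify size and duplicates before patching. The trailing `console.log(this.selectedMetaAlert)` also runs before the search completes and reads like leftover debug output.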
--- End diff --

As mentioned in the Next Section of CC, we need some kind of notification 
once actions like add/remove are done otherwise it is confusing. These are 
placeholders till we have a notification mechanism. If it is not a problem I 
would suggest we leave them else I can remove them.


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-19 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r145816832
  
--- Diff: 
metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.scss
 ---
@@ -24,4 +24,12 @@
 .configure-table-icon {
   font-size: 16px;
   cursor: pointer;
+}
+
+.fa-chain-broken {
+  color: $piction-blue;
+}
+
+.dropdown-cell {
+  padding-left: 0.6rem;
 }
--- End diff --

need newline


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-19 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r145816633
  
--- Diff: 
metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.html
 ---
@@ -0,0 +1,48 @@
+
+
+  
+
+  
+Add to Alert
+  
+  
+
+
+   SELECT OPEN ALERT 
+
+  
+
+  
+
+  
+
+  
+  
+ {{ 
alert.source['threat:triage:score'] }} 
+
+   {{(alert.source.name && 
alert.source.name.length > 0) ? alert.source.name : alert.source.guid | 
centerEllipses:20 }}({{ alert.source.count }}) 
+   {{ 
(alert.source.alert_status && alert.source.alert_status.length > 0) ? 
alert.source.alert_status : 'NEW' }} 
+   {{ 
alert.source._timestamp | timeLapse }} 
+
+  
+  
+
+  
+ADD
+CANCEL
+  
+
+  
+
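Review bot: in the name cell, `(alert.source.name && alert.source.name.length > 0) ? alert.source.name : alert.source.guid | centerEllipses:20` applies the pipe only to the GUID branch, because Angular's pipe operator binds tighter than `?:`. A long `name` is therefore rendered untruncated. Wrap the whole ternary in parentheses before the pipe if both branches should be shortened.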
--- End diff --

need newline


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-19 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r145816548
  
--- Diff: metron-interface/metron-alerts/src/styles.scss ---
@@ -259,4 +259,61 @@ hr {
   padding: 0;
 }
 
-
+/** Custom Radio box **/
+$background_color_1: #eee;
+$background_color_2: #ccc;
+$background_color_3: #2196F3;
+.radio-container {
+  display: block;
+  position: relative;
+  padding-left: 35px;
+  margin-bottom: 12px;
+  cursor: pointer;
+  font-size: 22px;
+  -webkit-user-select: none;
+  -moz-user-select: none;
+  -ms-user-select: none;
+  user-select: none;
+  input {
+position: absolute;
+opacity: 0;
+&:checked {
+  &~.checkmark {
+background-color: $eastern-blue-2;
+&:after {
+  display: block;
+}
+  }
+}
+  }
+  &:hover {
+input {
+  &~.checkmark {
+background-color: $eastern-blue-2;
+  }
+}
+  }
+  .checkmark {
+position: absolute;
+top: 0;
+left: 0;
+height: 12px;
+width: 12px;
+background-color: $mine-shaft-2;
+border: 1px solid $tundora;
+border-radius: 50%;
+
+&:after {
+  top: 2px;
+  left: 2px;
+  width: 6px;
+  height: 6px;
+  border-radius: 50%;
+  background: $white;
+  content: "";
+  position: absolute;
+  display: none;
+}
+  }
+}
+/**/
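Review bot: `$background_color_1`, `$background_color_2` and `$background_color_3` are declared at the top of this block but none of the rules below use them; the colours come from `$eastern-blue-2`, `$mine-shaft-2`, `$tundora` and `$white`. Remove the three unused variables and the empty `/**/` comment at the end. Separately, the real `input` is hidden with `opacity: 0` and `.checkmark` has no `:focus` rule, so keyboard users get no visible focus indicator.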
--- End diff --

need newline


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-19 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r145816388
  
--- Diff: metron-interface/metron-alerts/src/app/service/update.service.ts 
---
@@ -38,22 +41,27 @@ export class UpdateService {
 
   constructor(private http: Http) { }
 
-  public patch(patchRequest: PatchRequest): Observable<{}> {
+  public patch(patchRequest: PatchRequest, fireChangeListner = true): 
Observable<{}> {
--- End diff --

Could we fix the typo in Listner?


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-19 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r145816267
  
--- Diff: metron-interface/metron-alerts/src/app/service/update.service.ts 
---
@@ -38,22 +41,27 @@ export class UpdateService {
 
   constructor(private http: Http) { }
 
-  public patch(patchRequest: PatchRequest): Observable<{}> {
+  public patch(patchRequest: PatchRequest, fireChangeListner = true): 
Observable<{}> {
 let url = '/api/v1/update/patch';
 return this.http.patch(url, patchRequest, new RequestOptions({headers: 
new Headers(this.defaultHeaders)}))
 .catch(HttpUtil.handleError)
 .map(result => {
-  this.alertChangedSource.next(patchRequest);
+  if (fireChangeListner) {
+this.alertChangedSource.next(patchRequest);
+  }
   return result;
 });
   }
 
-  public updateAlertState(alerts: Alert[], state: string): Observable<{}> {
+  public updateAlertState(alerts: Alert[], state: string, 
fireChangeListner = true): Observable<{}> {
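Review bot: the new `fireChangeListner = true` parameter on the public `patch` and `updateAlertState` methods is an undocumented positional boolean, so a call such as `patch(request, false)` does not say what is being switched off. Add a doc comment stating when suppressing the change event is safe and who is then responsible for refreshing dependent views, and consider an options object or a separately named method; fixing the spelling now also avoids baking `Listner` into the service's public signature.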
--- End diff --

is fireChangeListner used in this function?


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-19 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r145814896
  
--- Diff: 
metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.ts
 ---
@@ -0,0 +1,101 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * 'License'); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an 'AS IS' BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { Component, OnInit } from '@angular/core';
+import {Router} from '@angular/router';
+
+import {MetaAlertService} from '../../service/meta-alert.service';
+import {UpdateService} from '../../service/update.service';
+import {SearchRequest} from '../../model/search-request';
+import {SearchService} from '../../service/search.service';
+import {SearchResponse} from '../../model/search-response';
+import {SortField} from '../../model/sort-field';
+import {META_ALERTS_INDEX} from '../../utils/constants';
+import {AlertSource} from '../../model/alert-source';
+import {PatchRequest} from '../../model/patch-request';
+import {Patch} from '../../model/patch';
+
+@Component({
+  selector: 'app-meta-alerts',
+  templateUrl: './meta-alerts.component.html',
+  styleUrls: ['./meta-alerts.component.scss']
+})
+export class MetaAlertsComponent implements OnInit {
+
+  selectedMetaAlert = '';
+  searchResponse: SearchResponse = new SearchResponse();
+
+  constructor(private router: Router,
+  private metaAlertService: MetaAlertService,
+  private updateService: UpdateService,
+  private searchService: SearchService) {
+  }
+
+  goBack() {
+this.router.navigateByUrl('/alerts-list');
+return false;
+  }
+
+  ngOnInit() {
+let searchRequest = new SearchRequest();
+searchRequest.query = '*';
+searchRequest.from = 0;
+searchRequest.size = 999;
+searchRequest.facetFields = [];
+searchRequest.indices =  [META_ALERTS_INDEX];
+searchRequest.sort = [new SortField('threat:triage:score', 'desc')];
+searchRequest.fields = ['id', 'alert_status', 'threat:triage:score', 
'count', 'guid', 'name'];
+
+this.searchService.search(searchRequest).subscribe(resp => 
this.searchResponse = resp);
+  }
+
+  doAddAlertToMetaAlert(alertSources: AlertSource[]) {
+let patchRequest = new PatchRequest();
+patchRequest.guid = this.selectedMetaAlert;
+patchRequest.sensorType = 'metaalert';
+patchRequest.index = META_ALERTS_INDEX;
+patchRequest.patch = [new Patch('replace', 'alert', alertSources)];
+
+this.updateService.patch(patchRequest).subscribe(rep => {
+  console.log('Meta alert saved');
+  this.goBack();
+});
+  }
+
+  addAlertToMetaAlert() {
+let searchRequest = new SearchRequest();
+searchRequest.query = 'guid:"' + this.selectedMetaAlert + '"';
+searchRequest.from = 0;
+searchRequest.size = 1;
+searchRequest.facetFields = [];
+searchRequest.indices =  [META_ALERTS_INDEX];
+searchRequest.sort = [];
+searchRequest.fields = [];
+
+this.searchService.search(searchRequest).subscribe((searchResponse: 
SearchResponse) => {
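
Review bot: in `addAlertToMetaAlert`, the line `searchRequest.query = 'guid:"' + this.selectedMetaAlert + '"';` builds the query by string concatenation, and `selectedMetaAlert` is initialised to `''` with no check before the search is issued. Return early when nothing is selected, and escape or reject values containing `"` or `\` so the bound value cannot change the shape of the query. A lookup that takes the guid as a parameter instead of as query text would remove the concern entirely.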
--- End diff --

I think this should be a findOne call instead of a search.  Seems 
inefficient to search and filter down to a single record using a guid.


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-19 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r145814193
  
--- Diff: 
metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.ts
 ---
@@ -0,0 +1,101 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * 'License'); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an 'AS IS' BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { Component, OnInit } from '@angular/core';
+import {Router} from '@angular/router';
+
+import {MetaAlertService} from '../../service/meta-alert.service';
+import {UpdateService} from '../../service/update.service';
+import {SearchRequest} from '../../model/search-request';
+import {SearchService} from '../../service/search.service';
+import {SearchResponse} from '../../model/search-response';
+import {SortField} from '../../model/sort-field';
+import {META_ALERTS_INDEX} from '../../utils/constants';
+import {AlertSource} from '../../model/alert-source';
+import {PatchRequest} from '../../model/patch-request';
+import {Patch} from '../../model/patch';
+
+@Component({
+  selector: 'app-meta-alerts',
+  templateUrl: './meta-alerts.component.html',
+  styleUrls: ['./meta-alerts.component.scss']
+})
+export class MetaAlertsComponent implements OnInit {
+
+  selectedMetaAlert = '';
+  searchResponse: SearchResponse = new SearchResponse();
+
+  constructor(private router: Router,
+  private metaAlertService: MetaAlertService,
+  private updateService: UpdateService,
+  private searchService: SearchService) {
+  }
+
+  goBack() {
+this.router.navigateByUrl('/alerts-list');
+return false;
+  }
+
+  ngOnInit() {
+let searchRequest = new SearchRequest();
+searchRequest.query = '*';
+searchRequest.from = 0;
+searchRequest.size = 999;
+searchRequest.facetFields = [];
+searchRequest.indices =  [META_ALERTS_INDEX];
+searchRequest.sort = [new SortField('threat:triage:score', 'desc')];
+searchRequest.fields = ['id', 'alert_status', 'threat:triage:score', 
'count', 'guid', 'name'];
+
+this.searchService.search(searchRequest).subscribe(resp => 
this.searchResponse = resp);
+  }
+
+  doAddAlertToMetaAlert(alertSources: AlertSource[]) {
+let patchRequest = new PatchRequest();
+patchRequest.guid = this.selectedMetaAlert;
+patchRequest.sensorType = 'metaalert';
+patchRequest.index = META_ALERTS_INDEX;
+patchRequest.patch = [new Patch('replace', 'alert', alertSources)];
+
+this.updateService.patch(patchRequest).subscribe(rep => {
+  console.log('Meta alert saved');
+  this.goBack();
+});
+  }
+
+  addAlertToMetaAlert() {
+let searchRequest = new SearchRequest();
+searchRequest.query = 'guid:"' + this.selectedMetaAlert + '"';
+searchRequest.from = 0;
+searchRequest.size = 1;
+searchRequest.facetFields = [];
+searchRequest.indices =  [META_ALERTS_INDEX];
+searchRequest.sort = [];
+searchRequest.fields = [];
+
+this.searchService.search(searchRequest).subscribe((searchResponse: 
SearchResponse) => {
+  if (searchResponse.results.length === 1) {
+searchResponse.results[0].source.alert = 
[...searchResponse.results[0].source.alert,
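
Review bot: `doAddAlertToMetaAlert` sends `new Patch('replace', 'alert', alertSources)`, so the whole `alert` array is overwritten with a copy that `addAlertToMetaAlert` read earlier. If another analyst adds or removes an alert on the same meta alert between that read and this patch, their change is lost without any error. Prefer a patch that only appends the new entries, or have the server reject the write when the document has changed, and build the merged list in a local variable instead of assigning it back onto `searchResponse.results[0].source.alert`.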
--- End diff --

Why are you reassigning old and new alerts back to 
`searchResponse.results[0].source.alert`?  Makes it a little confusing to read.


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-19 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r145813076
  
--- Diff: 
metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.ts
 ---
@@ -0,0 +1,101 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * 'License'); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an 'AS IS' BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { Component, OnInit } from '@angular/core';
+import {Router} from '@angular/router';
+
+import {MetaAlertService} from '../../service/meta-alert.service';
+import {UpdateService} from '../../service/update.service';
+import {SearchRequest} from '../../model/search-request';
+import {SearchService} from '../../service/search.service';
+import {SearchResponse} from '../../model/search-response';
+import {SortField} from '../../model/sort-field';
+import {META_ALERTS_INDEX} from '../../utils/constants';
+import {AlertSource} from '../../model/alert-source';
+import {PatchRequest} from '../../model/patch-request';
+import {Patch} from '../../model/patch';
+
+@Component({
+  selector: 'app-meta-alerts',
+  templateUrl: './meta-alerts.component.html',
+  styleUrls: ['./meta-alerts.component.scss']
+})
+export class MetaAlertsComponent implements OnInit {
+
+  selectedMetaAlert = '';
+  searchResponse: SearchResponse = new SearchResponse();
+
+  constructor(private router: Router,
+  private metaAlertService: MetaAlertService,
+  private updateService: UpdateService,
+  private searchService: SearchService) {
+  }
+
+  goBack() {
+this.router.navigateByUrl('/alerts-list');
+return false;
+  }
+
+  ngOnInit() {
+let searchRequest = new SearchRequest();
+searchRequest.query = '*';
+searchRequest.from = 0;
+searchRequest.size = 999;
+searchRequest.facetFields = [];
+searchRequest.indices =  [META_ALERTS_INDEX];
+searchRequest.sort = [new SortField('threat:triage:score', 'desc')];
+searchRequest.fields = ['id', 'alert_status', 'threat:triage:score', 
'count', 'guid', 'name'];
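
Review bot: `searchRequest.size = 999;` in `ngOnInit` is an unexplained literal that silently caps the list of meta alerts offered for selection; once more than 999 exist, the lowest-scored ones cannot be chosen and nothing tells the analyst the list is truncated. Move the value to a named constant in `constants.ts` with a comment on where the limit comes from, and show a hint in the view when the result set hits the cap.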
--- End diff --

should 'alert_status' be 'status'?


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-19 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r145811869
  
--- Diff: 
metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.module.ts 
---
@@ -0,0 +1,14 @@
+import { NgModule } from '@angular/core';
+
+import {routing} from './meta-alerts.routing';
+import { MetaAlertsComponent } from './meta-alerts.component';
+import {UpdateService} from '../../service/update.service';
+import {MetaAlertService} from '../../service/meta-alert.service';
+import {SharedModule} from '../../shared/shared.module';
+
+@NgModule({
+  imports: [ routing,  SharedModule ],
+  declarations: [ MetaAlertsComponent ],
+  providers: [ UpdateService, MetaAlertService ],
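
Review bot: this new file starts directly with `import { NgModule } from '@angular/core';` at line 1, without the ASF license header that the other new files in this PR carry. Add the header so the file passes the license check listed in the PR checklist (`build_utils/verify_licenses.sh`). The import spacing is also inconsistent (`{routing}` next to `{ NgModule }`); pick one style.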
--- End diff --

Should UpdateService be in the list of providers here?  Isn't it 
application-wide and provided at the app root level as well?


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-19 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r145810773
  
--- Diff: 
metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.ts
 ---
@@ -0,0 +1,101 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * 'License'); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an 'AS IS' BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { Component, OnInit } from '@angular/core';
+import {Router} from '@angular/router';
+
+import {MetaAlertService} from '../../service/meta-alert.service';
+import {UpdateService} from '../../service/update.service';
+import {SearchRequest} from '../../model/search-request';
+import {SearchService} from '../../service/search.service';
+import {SearchResponse} from '../../model/search-response';
+import {SortField} from '../../model/sort-field';
+import {META_ALERTS_INDEX} from '../../utils/constants';
+import {AlertSource} from '../../model/alert-source';
+import {PatchRequest} from '../../model/patch-request';
+import {Patch} from '../../model/patch';
+
+@Component({
+  selector: 'app-meta-alerts',
+  templateUrl: './meta-alerts.component.html',
+  styleUrls: ['./meta-alerts.component.scss']
+})
+export class MetaAlertsComponent implements OnInit {
+
+  selectedMetaAlert = '';
+  searchResponse: SearchResponse = new SearchResponse();
+
+  constructor(private router: Router,
+  private metaAlertService: MetaAlertService,
+  private updateService: UpdateService,
+  private searchService: SearchService) {
+  }
+
+  goBack() {
+this.router.navigateByUrl('/alerts-list');
+return false;
+  }
+
+  ngOnInit() {
+let searchRequest = new SearchRequest();
+searchRequest.query = '*';
+searchRequest.from = 0;
+searchRequest.size = 999;
+searchRequest.facetFields = [];
+searchRequest.indices =  [META_ALERTS_INDEX];
+searchRequest.sort = [new SortField('threat:triage:score', 'desc')];
+searchRequest.fields = ['id', 'alert_status', 'threat:triage:score', 
'count', 'guid', 'name'];
+
+this.searchService.search(searchRequest).subscribe(resp => 
this.searchResponse = resp);
+  }
+
+  doAddAlertToMetaAlert(alertSources: AlertSource[]) {
+let patchRequest = new PatchRequest();
+patchRequest.guid = this.selectedMetaAlert;
+patchRequest.sensorType = 'metaalert';
+patchRequest.index = META_ALERTS_INDEX;
+patchRequest.patch = [new Patch('replace', 'alert', alertSources)];
+
+this.updateService.patch(patchRequest).subscribe(rep => {
+  console.log('Meta alert saved');
+  this.goBack();
+});
+  }
+
+  addAlertToMetaAlert() {
+let searchRequest = new SearchRequest();
+searchRequest.query = 'guid:"' + this.selectedMetaAlert + '"';
+searchRequest.from = 0;
+searchRequest.size = 1;
+searchRequest.facetFields = [];
+searchRequest.indices =  [META_ALERTS_INDEX];
+searchRequest.sort = [];
+searchRequest.fields = [];
+
+this.searchService.search(searchRequest).subscribe((searchResponse: 
SearchResponse) => {
+  if (searchResponse.results.length === 1) {
+searchResponse.results[0].source.alert = 
[...searchResponse.results[0].source.alert,
+  
...this.metaAlertService.selectedAlerts.map(alert => alert.source)];
+this.doAddAlertToMetaAlert(searchResponse.results[0].source.alert);
+  } else {
+console.log('Unable to get a single meta alert');
+  }
+});
+console.log(this.selectedMetaAlert);
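
Review bot: both failure paths in `addAlertToMetaAlert` are invisible to the analyst: the `else` branch only calls `console.log('Unable to get a single meta alert')`, and neither `search(...).subscribe(...)` nor `patch(...).subscribe(...)` passes an error callback. In a triage UI that means a user can believe alerts were grouped when the request failed, so surface an error in the view and do not navigate away until the patch succeeds. Separately, the spread that merges `selectedAlerts.map(alert => alert.source)` into the existing array does not de-duplicate, so an alert already in the meta alert is added twice; filter on `guid` before patching.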
--- End diff --

should this be here?


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-19 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r145809924
  
--- Diff: metron-interface/metron-alerts/src/app/utils/constants.ts ---
@@ -27,5 +30,5 @@ export const ALERTS_COLUMN_NAMES = 
'metron-alerts-column-names';
 export let TREE_SUB_GROUP_SIZE = 5;
 export let DEFAULT_FACETS = ['source:type', 'ip_src_addr', 'ip_dst_addr', 
'host', 'enrichments:geo:ip_dst_addr:country'];
 export let DEFAULT_GROUPS = ['source:type', 'ip_src_addr', 'ip_dst_addr', 
'host', 'enrichments:geo:ip_dst_addr:country'];
-export let INDEXES =  environment.indices ? environment.indices.split(',') 
: ['websphere', 'snort', 'asa', 'bro', 'yaf'];
+export let INDEXES =  environment.indices ? environment.indices.split(',') 
: ['websphere', 'snort', 'asa', 'bro', 'yaf',  'metaalerts'];
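
Review bot: `'metaalerts'` is only added to the fallback branch of `INDEXES`, so any deployment that sets `environment.indices` gets `environment.indices.split(',')` and never searches the meta alert index unless the operator remembers to list it. Either append the meta alert index after the ternary or document the requirement next to `environment.indices`. The literal also duplicates the `META_ALERTS_INDEX` constant added at the top of this file; reference the constant so the two cannot drift.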
--- End diff --

should be `export let INDEXES =  environment.indices ? 
environment.indices.split(',') : ['websphere', 'snort', 'asa', 'bro', 'yaf',  
'metaalert'];`


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-19 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r145809831
  
--- Diff: metron-interface/metron-alerts/src/app/utils/constants.ts ---
@@ -18,6 +18,9 @@
 
 import {environment} from '../../environments/environment';
 
+export const META_ALERTS_SENSOR_TYPE = 'metaalert';
+export const META_ALERTS_INDEX = 'metaalerts';
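
Review bot: `META_ALERTS_SENSOR_TYPE = 'metaalert'` and `META_ALERTS_INDEX = 'metaalerts'` differ by a single trailing character and have no comment saying which backend name each one must match. Add a short comment on each constant naming the server-side setting it mirrors, so a mismatch like this one is caught in review and not at runtime as an empty result set.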
--- End diff --

should be `export const META_ALERTS_INDEX = 'metaalert';`


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-19 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r145809660
  
--- Diff: 
metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.ts
 ---
@@ -0,0 +1,101 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * 'License'); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an 'AS IS' BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { Component, OnInit } from '@angular/core';
+import {Router} from '@angular/router';
+
+import {MetaAlertService} from '../../service/meta-alert.service';
+import {UpdateService} from '../../service/update.service';
+import {SearchRequest} from '../../model/search-request';
+import {SearchService} from '../../service/search.service';
+import {SearchResponse} from '../../model/search-response';
+import {SortField} from '../../model/sort-field';
+import {META_ALERTS_INDEX} from '../../utils/constants';
+import {AlertSource} from '../../model/alert-source';
+import {PatchRequest} from '../../model/patch-request';
+import {Patch} from '../../model/patch';
+
+@Component({
+  selector: 'app-meta-alerts',
+  templateUrl: './meta-alerts.component.html',
+  styleUrls: ['./meta-alerts.component.scss']
+})
+export class MetaAlertsComponent implements OnInit {
+
+  selectedMetaAlert = '';
+  searchResponse: SearchResponse = new SearchResponse();
+
+  constructor(private router: Router,
+  private metaAlertService: MetaAlertService,
+  private updateService: UpdateService,
+  private searchService: SearchService) {
+  }
+
+  goBack() {
+this.router.navigateByUrl('/alerts-list');
+return false;
+  }
+
+  ngOnInit() {
+let searchRequest = new SearchRequest();
+searchRequest.query = '*';
+searchRequest.from = 0;
+searchRequest.size = 999;
+searchRequest.facetFields = [];
+searchRequest.indices =  [META_ALERTS_INDEX];
+searchRequest.sort = [new SortField('threat:triage:score', 'desc')];
+searchRequest.fields = ['id', 'alert_status', 'threat:triage:score', 
'count', 'guid', 'name'];
+
+this.searchService.search(searchRequest).subscribe(resp => 
this.searchResponse = resp);
+  }
+
+  doAddAlertToMetaAlert(alertSources: AlertSource[]) {
+let patchRequest = new PatchRequest();
+patchRequest.guid = this.selectedMetaAlert;
+patchRequest.sensorType = 'metaalert';
+patchRequest.index = META_ALERTS_INDEX;
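
Review bot: in `doAddAlertToMetaAlert`, `patchRequest.sensorType = 'metaalert';` hard-codes a string while the very next line uses the imported `META_ALERTS_INDEX`. `constants.ts` in this PR already exports `META_ALERTS_SENSOR_TYPE`; import it here so the sensor type and index name are defined in one place and the patch request cannot go out of step with the rest of the UI.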
--- End diff --

should be `patchRequest.index = META_ALERTS_INDEX + '_index';`


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-19 Thread merrimanr
Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/803#discussion_r145809162
  
--- Diff: 
metron-interface/metron-alerts/e2e/alerts-list/tree-view/tree-view.e2e-spec.ts 
---
@@ -175,7 +175,7 @@ describe('metron-alerts tree view', function () {
   });
 
 
-  it('should have sort working for group details for multiple sub groups', 
() => {
+  xit('should have sort working for group details for multiple sub 
groups', () => {
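
Review bot: the change from `it(` to `xit(` disables 'should have sort working for group details for multiple sub groups' with no comment explaining why or when it will be re-enabled. Add a comment above the `xit` with the JIRA ticket for the underlying failure, so the skipped test is tracked and does not stay disabled indefinitely.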
--- End diff --

What does xit mean here?  Just curious.


---


[GitHub] metron pull request #803: Metron-1252: Build ui for grouping alerts into met...

2017-10-17 Thread iraghumitra
GitHub user iraghumitra opened a pull request:

https://github.com/apache/metron/pull/803

Metron-1252: Build ui for grouping alerts into meta alerts

## Contributor Comments
The purpose of the PR is to provide a GUI for grouping multiple alerts into a 
meta alert; the REST API for this is already available via 
[METRON-1158](https://issues.apache.org/jira/browse/METRON-1158).

The current implementation has the following features:

-  Meta alert can be created from the tree view of alerts 
-  Meta alerts can be viewed in the table view 
   -  The meta alert has a link icon on the left to denote that it is a 
meta alert
   -  The meta alert has an expand/collapse icon to see all the alerts 
within it
   -  The meta alert has a cumulative score (more on how this score is 
calculated is available in the original ticket)
-  Support to add/remove an alert to the meta alert from the table view
-  Change the state of meta alert
-  Add comments to a meta alert
-  Option to name a meta alert (This is just a convenience to refer to 
alerts)

**Limitations**

- Meta alerts cannot be viewed in the tree view
- Adding comments/Status change is restricted to just meta alerts. You 
cannot perform these actions on alerts contained in meta alert
- A meta alert can contain only 999 alerts
- Delete of the entire meta alert is not supported yet

**Next**
 - It will be nice to have a notification when entities are changed in the 
UI

I noticed that search on GUID was not working before I fixed it in this PR.

E2E tests are incoming; I wanted to check if the community has any 
suggestions on this.

PS: I had to comment out one of the test cases since sort by guid is broken. I 
will raise a ticket for it.


![image](https://user-images.githubusercontent.com/15019012/31682771-b9deb6da-b398-11e7-8681-6696fdcd1b6c.png)


![image](https://user-images.githubusercontent.com/15019012/31682796-cc5236f2-b398-11e7-8db0-7233b35ba7b8.png)


![image](https://user-images.githubusercontent.com/15019012/31682824-dda3c02e-b398-11e7-9369-119587041262.png)


![image](https://user-images.githubusercontent.com/15019012/31682846-ee2451fc-b398-11e7-998e-c4f441048ffe.png)

## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.  
Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  


In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
 
- [x] Does your PR title start with METRON- where  is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?

### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
- [x] Have you included steps or a guide to how the change may be verified 
and tested manually?
- [x] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && build_utils/verify_licenses.sh 
  ```

- [ ] Have you written or updated unit tests and or integration tests to 
verify your changes?
- [x] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)? 
- [x] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:

  ```
  cd site-book
  mvn site
  ```

 Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches