-
Notifications
You must be signed in to change notification settings - Fork 8.5k
[Security Solution] Enable Value Reports in ESS #243511
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
[Security Solution] Enable Value Reports in ESS #243511
Conversation
0ce5399 to
bda9c51
Compare
5a798ee to
daacc5d
Compare
…erated-data-forwarded
…erated-data-forwarded
…erated-data-forwarded
|
@stephmilovic I have added support for scheduling the report as well as some telemetry around the export report logic. |
…erated-data-forwarded
akowalska622
left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Data Discovery changes code only review
nickofthyme
left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Vis code changes 👍🏼
…s-in-ech-with-only-ai-generated-data-forwarded
…erated-data-forwarded
🤖 Prompt Changes DetectedChanges have been detected to one or more prompt files in the Elastic Assistant plugin. Please remember to update the integrations repository with your prompt changes to ensure consistency across all deployments. Next Steps:
This is an automated reminder to help maintain prompt consistency across repositories. |
💚 Build Succeeded
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
Page load bundle
Unknown metric groupsAPI count
ESLint disabled line counts
Total ESLint disabled count
History
cc @denar50 |
Summary
Issue: https://github.com/elastic/security-team/issues/14504
A previous PR introduced the EASE Value report and the ability to export it in serverless. This PR makes the report available in ESS and adds logic to export it using the share plugin. The ESS export logic is different from that of serverless because schedule reporting is not available in Serverless yet (ResponseOps plans to add support for it in 9.4).
The reporting is initiated in the client's browser when the user clicks on the "Export report" button, which becomes available once the report data and the cost savings trend insight have been fetched and generated respectively.
The export report button makes a call to the server to generate a PDF for the report and passes the insight and a hash of the report data as parameters (aka "forwarded state").
A headless browser is used to navigate to a special route
/app/reportingRedirectthat looks up a the corresponding locator locator (in this case,AIValueReportLocatorDefinition) which in turns resolves the URL of the value report (/app/security/reports/ai_value) and the forwarded state to be stored inhistory.location.state.The value report page reacts to this state being present and renders itself in "export mode". When the components finish loading, the headless browser takes screenshots of everything that is contained within the value report page, which has a
data-shared-items-containerattribute attached to it.Notice that we only forward the insight and the hash of the report data in order to avoid calling an LLM again in the headless browser when the data itself hasn't changed.
How to test
app/security/rules/management) to ensure that all indexes are properly initialized.yarn start generate-alerts -n 10000 -h 100 -u 100 --start-date 60d --end-date nowScreen.Recording.2025-11-19.at.15.08.37.mov
Navigate to the "Value report" page. You can use the link on the left side, or you can go to
/app/security/reports/ai_value.Once the report loads, the "Export report" button should be enabled. Click on it and export it to a PDF. You should see a toast indicating that the export in ongoing and when it is done you should get a toast with a "Download report" button. Click on "Download report" and verify that the downloaded PDF matches the data that you are seeing on the screen.
Play with it by adjusting the time window in the date picker next to the Export report button.
Screen.Recording.2025-11-19.at.15.15.093.mov
Known issues
PDF
Website

Pending