[Security Solution] Enable Value Reports in ESS #243511
Open
+1,579
−177
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
denar50
changed the title
denar50
force-pushed
the
enable-value-reports-in-ech-with-only-ai-generated-data-forwarded
branch
from
0ce5399 to
bda9c51
Compare
denar50
force-pushed
the
enable-value-reports-in-ech-with-only-ai-generated-data-forwarded
branch
from
5a798ee to
daacc5d
Compare
denar50
changed the title
…erated-data-forwarded
…erated-data-forwarded
denar50
added
the
release_note:feature
…erated-data-forwarded
Contributor
Author
|
@stephmilovic I have added support for scheduling the report as well as some telemetry around the export report logic. |
…erated-data-forwarded
akowalska622
approved these changes
Nov 25, 2025
Contributor
akowalska622
left a comment
akowalska622
left a comment
There was a problem hiding this comment.
Data Discovery changes code only review
jbudz
approved these changes
Nov 25, 2025
jloleysens
approved these changes
Nov 26, 2025
…s-in-ech-with-only-ai-generated-data-forwarded
…erated-data-forwarded
Contributor
🤖 Prompt Changes DetectedChanges have been detected to one or more prompt files in the Elastic Assistant plugin. Please remember to update the integrations repository with your prompt changes to ensure consistency across all deployments. Next Steps:
This is an automated reminder to help maintain prompt consistency across repositories. |
Contributor
💚 Build Succeeded
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
Page load bundle
Unknown metric groupsAPI count
ESLint disabled line counts
Total ESLint disabled count
History
cc @denar50 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Issue: https://github.com/elastic/security-team/issues/14504
A previous PR introduced the EASE Value report and the ability to export it in serverless. This PR makes the report available in ESS and adds logic to export it using the share plugin. The ESS export logic is different from that of serverless because schedule reporting is not available in Serverless yet (ResponseOps plans to add support for it in 9.4).
The reporting is initiated in the client's browser when the user clicks on the "Export report" button, which becomes available once the report data and the cost savings trend insight have been fetched and generated respectively.
The export report button makes a call to the server to generate a PDF for the report and passes the insight and a hash of the report data as parameters (aka "forwarded state").
A headless browser is used to navigate to a special route
/app/reportingRedirectthat looks up a the corresponding locator locator (in this case,AIValueReportLocatorDefinition) which in turns resolves the URL of the value report (/app/security/reports/ai_value) and the forwarded state to be stored inhistory.location.state.The value report page reacts to this state being present and renders itself in "export mode". When the components finish loading, the headless browser takes screenshots of everything that is contained within the value report page, which has a
data-shared-items-containerattribute attached to it.Notice that we only forward the insight and the hash of the report data in order to avoid calling an LLM again in the headless browser when the data itself hasn't changed.
How to test
app/security/rules/management) to ensure that all indexes are properly initialized.yarn start generate-alerts -n 10000 -h 100 -u 100 --start-date 60d --end-date nowScreen.Recording.2025-11-19.at.15.08.37.mov
Navigate to the "Value report" page. You can use the link on the left side, or you can go to
/app/security/reports/ai_value.Once the report loads, the "Export report" button should be enabled. Click on it and export it to a PDF. You should see a toast indicating that the export in ongoing and when it is done you should get a toast with a "Download report" button. Click on "Download report" and verify that the downloaded PDF matches the data that you are seeing on the screen.
Play with it by adjusting the time window in the date picker next to the Export report button.
Screen.Recording.2025-11-19.at.15.15.093.mov
Known issues
PDF
Website
Pending