Feat/14047 sigma rules to event definition wizard UI#26111
Open
zeeklop wants to merge 16 commits into
Open
Conversation
…t/14047-sigma-rules-to-event-definition-wizard-ui
…t/14047-sigma-rules-to-event-definition-wizard-ui
…t/14047-sigma-rules-to-event-definition-wizard-ui
…t/14047-sigma-rules-to-event-definition-wizard-ui
…t/14047-sigma-rules-to-event-definition-wizard-ui
…t/14047-sigma-rules-to-event-definition-wizard-ui
…t/14047-sigma-rules-to-event-definition-wizard-ui
…t/14047-sigma-rules-to-event-definition-wizard-ui
…t/14047-sigma-rules-to-event-definition-wizard-ui
…t/14047-sigma-rules-to-event-definition-wizard-ui
Contributor
There was a problem hiding this comment.
Pull request overview
Adds Sigma rule import entry points into the Event Definition creation UX, while refactoring the existing Event Definition wizard to share common steps and leverage new data-fetching hooks.
Changes:
- Introduces new Sigma import routes and integrates Sigma import options into the Event Definitions list header actions.
- Refactors Event Definition wizard step construction into a reusable “common steps” hook and simplifies the form/wizard component API.
- Adds React Query hooks to load entity types, cluster config, and event notifications, plus small UI improvements (submit-state handling, hidden steps support).
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| graylog2-web-interface/src/stores/event-notifications/EventNotificationsStore.ts | Makes listAll() return its promise to support React Query usage. |
| graylog2-web-interface/src/routing/Routes.ts | Adds Sigma import route constants under alerts definitions. |
| graylog2-web-interface/src/routing/AppRouter.tsx | Wires Sigma import routes to the event definition creation page. |
| graylog2-web-interface/src/pages/EventDefinitionsPage.tsx | Adds Sigma import options next to the “Create Event Definition” button (via plugin export). |
| graylog2-web-interface/src/pages/CreateEventDefinitionPage.tsx | Minor formatting/cleanup while continuing to drive wizard via step query param. |
| graylog2-web-interface/src/components/event-definitions/types.ts | Extends plugin export typings for Sigma import/upload/options components. |
| graylog2-web-interface/src/components/event-definitions/hooks/useEventDefinitions.ts | Adds React Query hooks for entity types, cluster config, and event notifications. |
| graylog2-web-interface/src/components/event-definitions/event-definitions-types.ts | Extends wizard controls props (submit disabled/submitting flags). |
| graylog2-web-interface/src/components/event-definitions/event-definition-form/useEventDefinitionCommonSteps.tsx | New shared step builder + new shared initial event definition shape. |
| graylog2-web-interface/src/components/event-definitions/event-definition-form/EventDefinitionFormControls.tsx | Enhances submit button UX (disabled/submitting + spinner/text). |
| graylog2-web-interface/src/components/event-definitions/event-definition-form/EventDefinitionFormContainer.tsx | Moves step assembly into container and adopts new React Query hooks. |
| graylog2-web-interface/src/components/event-definitions/event-definition-form/EventDefinitionForm.tsx | Accepts externally-built steps and manages telemetry for wizard navigation. |
| graylog2-web-interface/src/components/common/Wizard.tsx | Adds optional hidden property to steps. |
| graylog2-web-interface/src/components/common/CreateButton.tsx | Refactors permission wrapping logic for create buttons. |
Comments suppressed due to low confidence (2)
graylog2-web-interface/src/components/common/CreateButton.tsx:76
PermissionWrapperis rendered without passing the entity creator’s required permissions, so the create button will be visible/clickable even whenentityCreator.permissionsis set. This effectively bypasses permission gating for entity creation.
Pass permissions={entityCreator.permissions} to PermissionWrapper (and consider keeping the previous behavior of conditionally wrapping based on entityCreator.permissions).
return (
<PermissionWrapper>
<LinkContainer to={entityCreator.path}>
<Button bsSize="md" bsStyle="primary" onClick={_onClick} disabled={disabled}>
{entityCreator.title}
</Button>
</LinkContainer>
</PermissionWrapper>
graylog2-web-interface/src/components/event-definitions/event-definition-form/EventDefinitionForm.tsx:103
- Step click telemetry is selected by indexing into
STEP_TELEMETRY_KEYSusing the current steps array index. Because the wizard steps are dynamically filtered (e.g., fields can be hidden, and the Share step is present only on create), this index-based lookup can map to the wrong telemetry event or toundefined(e.g., clicking Summary when Share is present). That results in incorrect telemetry and can trigger runtime warnings/errors in telemetry capture.
Use a key-based mapping (stepKey -> telemetry event type) and only call sendTelemetry when a mapping exists.
const currentStepKeys = steps.map((step) => step.key);
const activeStepIndex = currentStepKeys.indexOf(activeStep);
const handleStepChange = (nextStep: string) => {
sendTelemetry(STEP_TELEMETRY_KEYS[currentStepKeys.indexOf(nextStep)], {
app_pathname: getPathnameWithoutId(pathname),
app_section: action === 'create' ? 'new-event-definition' : 'edit-event-definition',
app_action_value: 'event-definition-step',
current_step: steps[activeStepIndex]?.title,
});
onChangeStep(nextStep);
};
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+33
to
+38
| return ( | ||
| <> | ||
| <CreateButton entityKey="Event Definition" /> | ||
| <SigmaOptionsComponent /> | ||
| </> | ||
| ); |
Comment on lines
+44
to
+59
| export const INITIAL_EVENT_DEFINITION: EventDefinition = { | ||
| title: '', | ||
| description: '', | ||
| priority: EventDefinitionPriorityEnum.MEDIUM, | ||
| // @ts-ignore | ||
| config: {}, | ||
| field_spec: {}, | ||
| key_spec: [], | ||
| notification_settings: { | ||
| grace_period_ms: 300000, | ||
| // Defaults to system setting for notification backlog size | ||
| backlog_size: null, | ||
| }, | ||
| notifications: [], | ||
| alert: false, | ||
| }; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implemented the UI to upload/import sigma rules and create an event definition directly.
closes: Graylog2/graylog-plugin-enterprise#14047
/nocl
Description
Motivation and Context
Improve our overall UX
How Has This Been Tested?
Unit test
Screenshots (if appropriate):
Types of changes
Checklist:
For more guidance see our Pull Request Guide in Confluence.