[SECURITY] Rename siem plugin to security_solution (#67902) (#68246)

* rename siem to security_solution

* rename siem to security solution inside of code

* rename translation keys

* fix snapshot

* replace siem for security solution in tutorial

* missing translation to be renamed

* fix types for api test integration

* updates runner file to match the new path

* change category for kibana settings

* miss renaming in advance settings

* fixes cypress tests

* fix api integration test

* fix new translation

* fix unit test

* update translation i18n

* update translation i18n II

Co-authored-by: Gloria Hornero <snootchie.boochies@gmail.com>

Co-authored-by: Gloria Hornero <snootchie.boochies@gmail.com>

.eslintrc.js

@@ -591,11 +591,11 @@ module.exports = {
     },
 
     /**
-     * SIEM overrides
+     * Security Solution overrides
      */
     {
       // front end typescript and javascript files only
-      files: ['x-pack/plugins/siem/public/**/*.{js,ts,tsx}'],
+      files: ['x-pack/plugins/security_solution/public/**/*.{js,ts,tsx}'],
       rules: {
         'import/no-nodejs-modules': 'error',
         'no-restricted-imports': [
@@ -609,7 +609,7 @@ module.exports = {
     },
     {
       // typescript only for front and back end
-      files: ['x-pack/{,legacy/}plugins/siem/**/*.{ts,tsx}'],
+      files: ['x-pack/{,legacy/}plugins/security_solution/**/*.{ts,tsx}'],
       rules: {
         // This will be turned on after bug fixes are complete
         // '@typescript-eslint/explicit-member-accessibility': 'warn',
@@ -644,7 +644,7 @@ module.exports = {
     // {
     //   // will introduced after the other warns are fixed
     //   // typescript and javascript for front end react performance
-    //   files: ['x-pack/plugins/siem/public/**/!(*.test).{js,ts,tsx}'],
+    //   files: ['x-pack/plugins/security_solution/public/**/!(*.test).{js,ts,tsx}'],
     //   plugins: ['react-perf'],
     //   rules: {
     //     // 'react-perf/jsx-no-new-object-as-prop': 'error',
@@ -655,7 +655,7 @@ module.exports = {
     // },
     {
       // typescript and javascript for front and back end
-      files: ['x-pack/{,legacy/}plugins/siem/**/*.{js,ts,tsx}'],
+      files: ['x-pack/{,legacy/}plugins/security_solution/**/*.{js,ts,tsx}'],
       plugins: ['eslint-plugin-node', 'react'],
       env: {
         mocha: true,

.github/CODEOWNERS

@@ -0,0 +1,236 @@
+# GitHub CODEOWNERS definition
+# Identify which groups will be pinged by changes to different parts of the codebase.
+# For more info, see https://help.github.com/articles/about-codeowners/
+
+# App
+/x-pack/plugins/dashboard_enhanced/ @elastic/kibana-app
+/x-pack/plugins/lens/ @elastic/kibana-app
+/x-pack/plugins/graph/ @elastic/kibana-app
+/src/legacy/core_plugins/kibana/public/local_application_service/ @elastic/kibana-app
+/src/plugins/dashboard/ @elastic/kibana-app
+/src/plugins/discover/ @elastic/kibana-app
+/src/plugins/input_control_vis/ @elastic/kibana-app
+/src/plugins/kibana_legacy/ @elastic/kibana-app
+/src/plugins/vis_default_editor/ @elastic/kibana-app
+/src/plugins/vis_type_markdown/ @elastic/kibana-app
+/src/plugins/vis_type_metric/ @elastic/kibana-app
+/src/plugins/vis_type_table/ @elastic/kibana-app
+/src/plugins/vis_type_tagcloud/ @elastic/kibana-app
+/src/plugins/vis_type_timelion/ @elastic/kibana-app
+/src/plugins/vis_type_timeseries/ @elastic/kibana-app
+/src/plugins/vis_type_vega/ @elastic/kibana-app
+/src/plugins/vis_type_vislib/ @elastic/kibana-app
+/src/plugins/vis_type_xy/ @elastic/kibana-app
+/src/plugins/visualize/ @elastic/kibana-app
+
+# Core UI
+# Exclude tutorials folder for now because they are not owned by Kibana app and most will move out soon
+/src/plugins/home/public @elastic/kibana-core-ui
+/src/plugins/home/server/*.ts @elastic/kibana-core-ui
+/src/plugins/home/server/services/ @elastic/kibana-core-ui
+# Exclude tutorial resources folder for now because they are not owned by Kibana app and most will move out soon
+/src/legacy/core_plugins/kibana/public/home/*.ts @elastic/kibana-core-ui
+/src/legacy/core_plugins/kibana/public/home/*.scss @elastic/kibana-core-ui
+/src/legacy/core_plugins/kibana/public/home/np_ready/ @elastic/kibana-core-ui
+
+# App Architecture
+/examples/url_generators_examples/ @elastic/kibana-app-arch
+/examples/url_generators_explorer/ @elastic/kibana-app-arch
+/packages/kbn-interpreter/ @elastic/kibana-app-arch
+/src/legacy/core_plugins/embeddable_api/ @elastic/kibana-app-arch
+/src/legacy/core_plugins/interpreter/ @elastic/kibana-app-arch
+/src/legacy/core_plugins/kibana_react/ @elastic/kibana-app-arch
+/src/legacy/core_plugins/kibana/public/management/ @elastic/kibana-app-arch
+/src/legacy/core_plugins/kibana/server/routes/api/management/ @elastic/kibana-app-arch
+/src/legacy/core_plugins/visualizations/ @elastic/kibana-app-arch
+/src/legacy/server/index_patterns/ @elastic/kibana-app-arch
+/src/plugins/advanced_settings/ @elastic/kibana-app-arch
+/src/plugins/bfetch/ @elastic/kibana-app-arch
+/src/plugins/data/ @elastic/kibana-app-arch
+/src/plugins/embeddable/ @elastic/kibana-app-arch
+/src/plugins/expressions/ @elastic/kibana-app-arch
+/src/plugins/inspector/ @elastic/kibana-app-arch
+/src/plugins/kibana_react/ @elastic/kibana-app-arch
+/src/plugins/kibana_react/public/code_editor @elastic/kibana-canvas
+/src/plugins/kibana_utils/ @elastic/kibana-app-arch
+/src/plugins/management/ @elastic/kibana-app-arch
+/src/plugins/navigation/ @elastic/kibana-app-arch
+/src/plugins/share/ @elastic/kibana-app-arch
+/src/plugins/ui_actions/ @elastic/kibana-app-arch
+/src/plugins/visualizations/ @elastic/kibana-app-arch
+/x-pack/plugins/advanced_ui_actions/ @elastic/kibana-app-arch
+/x-pack/plugins/data_enhanced/ @elastic/kibana-app-arch
+/x-pack/plugins/drilldowns/ @elastic/kibana-app-arch
+
+# APM
+/x-pack/plugins/apm/  @elastic/apm-ui
+/x-pack/plugins/apm/  @elastic/apm-ui
+/x-pack/test/functional/apps/apm/  @elastic/apm-ui
+/src/legacy/core_plugins/apm_oss/  @elastic/apm-ui
+/src/plugins/apm_oss/  @elastic/apm-ui
+/src/apm.js @watson
+
+# Beats
+/x-pack/legacy/plugins/beats_management/  @elastic/beats
+
+# Canvas
+/x-pack/plugins/canvas/  @elastic/kibana-canvas
+/x-pack/test/functional/apps/canvas/  @elastic/kibana-canvas
+
+# Observability UIs
+/x-pack/legacy/plugins/infra/ @elastic/logs-metrics-ui
+/x-pack/plugins/infra/ @elastic/logs-metrics-ui
+/x-pack/plugins/ingest_manager/ @elastic/ingest-management
+/x-pack/legacy/plugins/ingest_manager/ @elastic/ingest-management
+/x-pack/plugins/observability/ @elastic/logs-metrics-ui @elastic/apm-ui @elastic/uptime @elastic/ingest-management
+/x-pack/legacy/plugins/monitoring/ @elastic/stack-monitoring-ui
+/x-pack/plugins/monitoring/ @elastic/stack-monitoring-ui
+/x-pack/plugins/uptime @elastic/uptime
+
+# Machine Learning
+/x-pack/legacy/plugins/ml/  @elastic/ml-ui
+/x-pack/plugins/ml/  @elastic/ml-ui
+/x-pack/test/functional/apps/machine_learning/  @elastic/ml-ui
+/x-pack/test/functional/services/machine_learning/  @elastic/ml-ui
+/x-pack/test/functional/services/ml.ts  @elastic/ml-ui
+# ML team owns and maintains the transform plugin despite it living in the Elasticsearch management section.
+/x-pack/plugins/transform/  @elastic/ml-ui
+/x-pack/test/functional/apps/transform/ @elastic/ml-ui
+/x-pack/test/functional/services/transform_ui/ @elastic/ml-ui
+/x-pack/test/functional/services/transform.ts @elastic/ml-ui
+
+# Maps
+/x-pack/legacy/plugins/maps/ @elastic/kibana-gis
+/x-pack/plugins/maps/ @elastic/kibana-gis
+/x-pack/test/api_integration/apis/maps/ @elastic/kibana-gis
+/x-pack/test/functional/apps/maps/ @elastic/kibana-gis
+/x-pack/test/functional/es_archives/maps/ @elastic/kibana-gis
+/x-pack/test/visual_regression/tests/maps/index.js @elastic/kibana-gis
+
+# Operations
+/src/dev/ @elastic/kibana-operations
+/src/setup_node_env/ @elastic/kibana-operations
+/src/optimize/ @elastic/kibana-operations
+/src/es_archiver/ @elastic/kibana-operations
+/packages/*eslint*/ @elastic/kibana-operations
+/packages/*babel*/ @elastic/kibana-operations
+/packages/kbn-dev-utils*/ @elastic/kibana-operations
+/packages/kbn-es/ @elastic/kibana-operations
+/packages/kbn-optimizer/ @elastic/kibana-operations
+/packages/kbn-pm/ @elastic/kibana-operations
+/packages/kbn-test/ @elastic/kibana-operations
+/packages/kbn-ui-shared-deps/ @elastic/kibana-operations
+/src/legacy/server/keystore/ @elastic/kibana-operations
+/src/legacy/server/pid/ @elastic/kibana-operations
+/src/legacy/server/sass/ @elastic/kibana-operations
+/src/legacy/server/utils/ @elastic/kibana-operations
+/src/legacy/server/warnings/ @elastic/kibana-operations
+/.ci/es-snapshots/ @elastic/kibana-operations
+/vars/ @elastic/kibana-operations
+
+# Quality Assurance
+/src/dev/code_coverage @elastic/kibana-qa
+/test/functional/services/common @elastic/kibana-qa
+/test/functional/services/lib @elastic/kibana-qa
+/test/functional/services/remote @elastic/kibana-qa
+
+# Platform
+/src/core/  @elastic/kibana-platform
+/config/kibana.yml @elastic/kibana-platform
+/x-pack/plugins/features/  @elastic/kibana-platform
+/x-pack/plugins/licensing/  @elastic/kibana-platform
+/x-pack/plugins/cloud/ @elastic/kibana-platform
+/packages/kbn-config-schema/ @elastic/kibana-platform
+/src/legacy/server/config/ @elastic/kibana-platform
+/src/legacy/server/http/ @elastic/kibana-platform
+/src/legacy/server/logging/ @elastic/kibana-platform
+/src/legacy/server/saved_objects/  @elastic/kibana-platform
+/src/legacy/server/status/ @elastic/kibana-platform
+/src/plugins/status_page/ @elastic/kibana-platform
+/src/plugins/saved_objects_management/ @elastic/kibana-platform
+/src/dev/run_check_published_api_changes.ts @elastic/kibana-platform
+
+# Security
+/src/core/server/csp/  @elastic/kibana-security @elastic/kibana-platform
+/x-pack/legacy/plugins/security/  @elastic/kibana-security
+/x-pack/legacy/plugins/spaces/  @elastic/kibana-security
+/x-pack/plugins/spaces/  @elastic/kibana-security
+/x-pack/plugins/encrypted_saved_objects/  @elastic/kibana-security
+/x-pack/plugins/security/  @elastic/kibana-security
+/x-pack/test/api_integration/apis/security/ @elastic/kibana-security
+
+# Kibana Localization
+/src/dev/i18n/  @elastic/kibana-localization
+/src/legacy/server/i18n/  @elastic/kibana-localization
+/src/core/public/i18n/  @elastic/kibana-localization
+/packages/kbn-i18n/  @elastic/kibana-localization
+
+# Pulse
+/packages/kbn-analytics/ @elastic/pulse
+/src/plugins/kibana_usage_collection/ @elastic/pulse
+/src/plugins/newsfeed/ @elastic/pulse
+/src/plugins/telemetry/ @elastic/pulse
+/src/plugins/telemetry_collection_manager/ @elastic/pulse
+/src/plugins/telemetry_management_section/ @elastic/pulse
+/src/plugins/usage_collection/ @elastic/pulse
+/x-pack/plugins/telemetry_collection_xpack/ @elastic/pulse
+
+# Kibana Alerting Services
+/x-pack/plugins/alerts/ @elastic/kibana-alerting-services
+/x-pack/plugins/actions/ @elastic/kibana-alerting-services
+/x-pack/plugins/event_log/ @elastic/kibana-alerting-services
+/x-pack/plugins/task_manager/ @elastic/kibana-alerting-services
+/x-pack/test/alerting_api_integration/ @elastic/kibana-alerting-services
+/x-pack/test/plugin_api_integration/plugins/task_manager/ @elastic/kibana-alerting-services
+/x-pack/test/plugin_api_integration/test_suites/task_manager/ @elastic/kibana-alerting-services
+/x-pack/plugins/triggers_actions_ui/ @elastic/kibana-alerting-services
+/x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/ @elastic/kibana-alerting-services
+/x-pack/test/functional_with_es_ssl/fixtures/plugins/alerts/ @elastic/kibana-alerting-services
+
+# Design
+**/*.scss  @elastic/kibana-design
+
+# Elasticsearch UI
+/src/plugins/dev_tools/ @elastic/es-ui
+/src/plugins/console/  @elastic/es-ui
+/src/plugins/es_ui_shared/  @elastic/es-ui
+/x-pack/legacy/plugins/cross_cluster_replication/  @elastic/es-ui
+/x-pack/plugins/index_lifecycle_management/  @elastic/es-ui
+/x-pack/legacy/plugins/index_management/  @elastic/es-ui
+/x-pack/legacy/plugins/license_management/  @elastic/es-ui
+/x-pack/legacy/plugins/rollup/  @elastic/es-ui
+/x-pack/legacy/plugins/snapshot_restore/  @elastic/es-ui
+/x-pack/legacy/plugins/upgrade_assistant/  @elastic/es-ui
+/x-pack/plugins/console_extensions/  @elastic/es-ui
+/x-pack/plugins/es_ui_shared/  @elastic/es-ui
+/x-pack/plugins/grokdebugger/  @elastic/es-ui
+/x-pack/plugins/index_management/  @elastic/es-ui
+/x-pack/plugins/license_management/  @elastic/es-ui
+/x-pack/plugins/painless_lab/  @elastic/es-ui
+/x-pack/plugins/remote_clusters/  @elastic/es-ui
+/x-pack/plugins/rollup/  @elastic/es-ui
+/x-pack/plugins/searchprofiler/  @elastic/es-ui
+/x-pack/plugins/snapshot_restore/  @elastic/es-ui
+/x-pack/plugins/upgrade_assistant/  @elastic/es-ui
+/x-pack/plugins/watcher/  @elastic/es-ui
+/x-pack/plugins/ingest_pipelines/  @elastic/es-ui
+
+# Endpoint
+/x-pack/plugins/endpoint/ @elastic/endpoint-app-team @elastic/siem
+/x-pack/test/api_integration/apis/endpoint/ @elastic/endpoint-app-team @elastic/siem
+/x-pack/test/endpoint_api_integration_no_ingest/ @elastic/endpoint-app-team @elastic/siem
+/x-pack/test/functional_endpoint/ @elastic/endpoint-app-team @elastic/siem
+/x-pack/test/functional_endpoint_ingest_failure/ @elastic/endpoint-app-team @elastic/siem
+/x-pack/test/functional/es_archives/endpoint/ @elastic/endpoint-app-team @elastic/siem
+/x-pack/test/plugin_functional/plugins/resolver_test/ @elastic/endpoint-app-team @elastic/siem
+/x-pack/test/plugin_functional/test_suites/resolver/ @elastic/endpoint-app-team @elastic/siem
+
+# Security Solution
+/x-pack/plugins/security_solution/ @elastic/siem @elastic/endpoint-app-team
+/x-pack/test/detection_engine_api_integration @elastic/siem @elastic/endpoint-app-team
+/x-pack/test/api_integration/apis/security_solution @elastic/siem @elastic/endpoint-app-team
+/x-pack/plugins/case @elastic/siem @elastic/endpoint-app-team
+/x-pack/plugins/lists @elastic/siem @elastic/endpoint-app-team
+
+# Security Intelligence And Analytics
+/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules @elastic/security-intelligence-analytics

Jenkinsfile

@@ -41,9 +41,9 @@ kibanaPipeline(timeoutMinutes: 155, checkPrChanges: true) {
             'xpack-ciGroup9': kibanaPipeline.xpackCiGroupProcess(9),
             'xpack-ciGroup10': kibanaPipeline.xpackCiGroupProcess(10),
             'xpack-accessibility': kibanaPipeline.functionalTestProcess('xpack-accessibility', './test/scripts/jenkins_xpack_accessibility.sh'),
-            'xpack-siemCypress': { processNumber ->
-              whenChanged(['x-pack/plugins/siem/', 'x-pack/test/siem_cypress/']) {
-                kibanaPipeline.functionalTestProcess('xpack-siemCypress', './test/scripts/jenkins_siem_cypress.sh')(processNumber)
+            'xpack-securitySolutionCypress': { processNumber ->
+              whenChanged(['x-pack/plugins/security_solution/', 'x-pack/test/security_solution_cypress/']) {
+                kibanaPipeline.functionalTestProcess('xpack-securitySolutionCypress', './test/scripts/jenkins_security_solution_cypress.sh')(processNumber)
               }
             },
 

src/cli/cluster/cluster_manager.ts

@@ -262,7 +262,7 @@ export class ClusterManager {
       ...pluginInternalDirsIgnore,
       fromRoot('src/legacy/server/sass/__tmp__'),
       fromRoot('x-pack/plugins/reporting/.chromium'),
-      fromRoot('x-pack/plugins/siem/cypress'),
+      fromRoot('x-pack/plugins/security_solution/cypress'),
       fromRoot('x-pack/plugins/apm/e2e'),
       fromRoot('x-pack/plugins/apm/scripts'),
       fromRoot('x-pack/plugins/canvas/canvas_plugin_src'), // prevents server from restarting twice for Canvas plugin changes,

src/dev/storybook/aliases.ts

@@ -26,5 +26,5 @@ export const storybookAliases = {
   drilldowns: 'x-pack/plugins/drilldowns/scripts/storybook.js',
   embeddable: 'src/plugins/embeddable/scripts/storybook.js',
   infra: 'x-pack/legacy/plugins/infra/scripts/storybook.js',
-  siem: 'x-pack/plugins/siem/scripts/storybook.js',
+  security_solution: 'x-pack/plugins/security_solution/scripts/storybook.js',
 };

src/dev/typescript/projects.ts

@@ -27,8 +27,8 @@ export const PROJECTS = [
   new Project(resolve(REPO_ROOT, 'test/tsconfig.json'), { name: 'kibana/test' }),
   new Project(resolve(REPO_ROOT, 'x-pack/tsconfig.json')),
   new Project(resolve(REPO_ROOT, 'x-pack/test/tsconfig.json'), { name: 'x-pack/test' }),
-  new Project(resolve(REPO_ROOT, 'x-pack/plugins/siem/cypress/tsconfig.json'), {
-    name: 'siem/cypress',
+  new Project(resolve(REPO_ROOT, 'x-pack/plugins/security_solution/cypress/tsconfig.json'), {
+    name: 'security_solution/cypress',
   }),
   new Project(resolve(REPO_ROOT, 'x-pack/plugins/apm/e2e/tsconfig.json'), {
     name: 'apm/cypress',

src/plugins/advanced_settings/public/management_app/lib/get_category_name.ts

@@ -46,8 +46,8 @@ const names: Record<string, string> = {
   search: i18n.translate('advancedSettings.categoryNames.searchLabel', {
     defaultMessage: 'Search',
   }),
-  siem: i18n.translate('advancedSettings.categoryNames.siemLabel', {
-    defaultMessage: 'SIEM',
+  securitySolution: i18n.translate('advancedSettings.categoryNames.securitySolutionLabel', {
+    defaultMessage: 'Security Solution',
   }),
 };
 

src/plugins/home/server/services/tutorials/lib/tutorial_schema.ts

@@ -26,7 +26,7 @@ const PARAM_TYPES = {
 
 const TUTORIAL_CATEGORY = {
   LOGGING: 'logging',
-  SIEM: 'siem',
+  SECURITY_SOLUTION: 'security solution',
   METRICS: 'metrics',
   OTHER: 'other',
 };

src/plugins/home/server/services/tutorials/lib/tutorials_registry_types.ts

@@ -22,7 +22,7 @@ import { KibanaRequest } from 'src/core/server';
 /** @public */
 export enum TutorialsCategory {
   LOGGING = 'logging',
-  SIEM = 'siem',
+  SECURITY_SOLUTION = 'security',
   METRICS = 'metrics',
   OTHER = 'other',
 }

src/plugins/home/server/tutorials/auditbeat/index.ts

@@ -36,7 +36,7 @@ export function auditbeatSpecProvider(context: TutorialContext): TutorialSchema
     name: i18n.translate('home.tutorials.auditbeat.nameTitle', {
       defaultMessage: 'Auditbeat',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.auditbeat.shortDescription', {
       defaultMessage: 'Collect audit data from your hosts.',
     }),
@@ -53,9 +53,9 @@ processes, users, logins, sockets information, file accesses, and more. \
     artifacts: {
       dashboards: [],
       application: {
-        path: '/app/siem',
+        path: '/app/security',
         label: i18n.translate('home.tutorials.auditbeat.artifacts.dashboards.linkLabel', {
-          defaultMessage: 'SIEM App',
+          defaultMessage: 'Security App',
         }),
       },
       exportedFields: {

src/plugins/home/server/tutorials/cisco_logs/index.ts

@@ -37,7 +37,7 @@ export function ciscoLogsSpecProvider(context: TutorialContext): TutorialSchema
     name: i18n.translate('home.tutorials.ciscoLogs.nameTitle', {
       defaultMessage: 'Cisco',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.ciscoLogs.shortDescription', {
       defaultMessage: 'Collect and parse logs received from Cisco ASA firewalls.',
     }),
@@ -54,9 +54,9 @@ supports the "asa" fileset for Cisco ASA firewall logs received over syslog or r
     artifacts: {
       dashboards: [],
       application: {
-        path: '/app/siem',
+        path: '/app/security',
         label: i18n.translate('home.tutorials.ciscoLogs.artifacts.dashboards.linkLabel', {
-          defaultMessage: 'SIEM App',
+          defaultMessage: 'Security App',
         }),
       },
       exportedFields: {

src/plugins/home/server/tutorials/coredns_logs/index.ts

@@ -37,7 +37,7 @@ export function corednsLogsSpecProvider(context: TutorialContext): TutorialSchem
     name: i18n.translate('home.tutorials.corednsLogs.nameTitle', {
       defaultMessage: 'CoreDNS logs',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.corednsLogs.shortDescription', {
       defaultMessage: 'Collect the logs created by Coredns.',
     }),

src/plugins/home/server/tutorials/envoyproxy_logs/index.ts

@@ -37,7 +37,7 @@ export function envoyproxyLogsSpecProvider(context: TutorialContext): TutorialSc
     name: i18n.translate('home.tutorials.envoyproxyLogs.nameTitle', {
       defaultMessage: 'Envoyproxy',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.envoyproxyLogs.shortDescription', {
       defaultMessage: 'Collect and parse logs received from the Envoy proxy.',
     }),
@@ -54,9 +54,9 @@ It supports both standalone deployment and Envoy proxy deployment in Kubernetes.
     artifacts: {
       dashboards: [],
       application: {
-        path: '/app/siem',
+        path: '/app/security',
         label: i18n.translate('home.tutorials.envoyproxyLogs.artifacts.dashboards.linkLabel', {
-          defaultMessage: 'SIEM App',
+          defaultMessage: 'Security App',
         }),
       },
       exportedFields: {

src/plugins/home/server/tutorials/iptables_logs/index.ts

@@ -37,7 +37,7 @@ export function iptablesLogsSpecProvider(context: TutorialContext): TutorialSche
     name: i18n.translate('home.tutorials.iptablesLogs.nameTitle', {
       defaultMessage: 'Iptables / Ubiquiti',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.iptablesLogs.shortDescription', {
       defaultMessage: 'Collect and parse iptables and ip6tables logs or from Ubiqiti firewalls.',
     }),
@@ -56,9 +56,9 @@ number and the action performed on the traffic (allow/deny).. \
     artifacts: {
       dashboards: [],
       application: {
-        path: '/app/siem',
+        path: '/app/security',
         label: i18n.translate('home.tutorials.iptablesLogs.artifacts.dashboards.linkLabel', {
-          defaultMessage: 'SIEM App',
+          defaultMessage: 'Security App',
         }),
       },
       exportedFields: {

src/plugins/home/server/tutorials/netflow/index.ts

@@ -28,7 +28,7 @@ export function netflowSpecProvider() {
   return {
     id: 'netflow',
     name: 'Netflow',
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.netflow.tutorialShortDescription', {
       defaultMessage: 'Collect Netflow records sent by a Netflow exporter.',
     }),

src/plugins/home/server/tutorials/osquery_logs/index.ts

@@ -37,7 +37,7 @@ export function osqueryLogsSpecProvider(context: TutorialContext): TutorialSchem
     name: i18n.translate('home.tutorials.osqueryLogs.nameTitle', {
       defaultMessage: 'Osquery logs',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.osqueryLogs.shortDescription', {
       defaultMessage: 'Collect the result logs created by osqueryd.',
     }),

src/plugins/home/server/tutorials/suricata_logs/index.ts

@@ -37,7 +37,7 @@ export function suricataLogsSpecProvider(context: TutorialContext): TutorialSche
     name: i18n.translate('home.tutorials.suricataLogs.nameTitle', {
       defaultMessage: 'Suricata logs',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.suricataLogs.shortDescription', {
       defaultMessage: 'Collect the result logs created by Suricata IDS/IPS/NSM.',
     }),

src/plugins/home/server/tutorials/windows_event_logs/index.ts

@@ -36,7 +36,7 @@ export function windowsEventLogsSpecProvider(context: TutorialContext): Tutorial
       defaultMessage: 'Windows Event Log',
     }),
     isBeta: false,
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.windowsEventLogs.shortDescription', {
       defaultMessage: 'Fetch logs from the Windows Event Log.',
     }),

src/plugins/home/server/tutorials/zeek_logs/index.ts

@@ -37,7 +37,7 @@ export function zeekLogsSpecProvider(context: TutorialContext): TutorialSchema {
     name: i18n.translate('home.tutorials.zeekLogs.nameTitle', {
       defaultMessage: 'Zeek logs',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.zeekLogs.shortDescription', {
       defaultMessage: 'Collect the logs created by Zeek/Bro.',
     }),

test/scripts/jenkins_security_solution_cypress.sh

@@ -8,14 +8,14 @@ cp -R "$installDir" "$destDir"
 
 export KIBANA_INSTALL_DIR="$destDir"
 
-echo " -> Running SIEM cypress tests"
+echo " -> Running security solution cypress tests"
 cd "$XPACK_DIR"
 
-checks-reporter-with-killswitch "SIEM Cypress Tests" \
+checks-reporter-with-killswitch "Security solution Cypress Tests" \
   node scripts/functional_tests \
     --debug --bail \
     --kibana-install-dir "$KIBANA_INSTALL_DIR" \
-    --config test/siem_cypress/config.ts
+    --config test/security_solution_cypress/config.ts
 
 echo ""
 echo ""

test/scripts/jenkins_xpack.sh

@@ -16,7 +16,7 @@ echo ""
 
 echo " -> Running SIEM cyclic dependency test"
 cd "$XPACK_DIR"
-checks-reporter-with-killswitch "X-Pack SIEM cyclic dependency test" node plugins/siem/scripts/check_circular_deps
+checks-reporter-with-killswitch "X-Pack SIEM cyclic dependency test" node plugins/security_solution/scripts/check_circular_deps
 echo ""
 echo ""
 

x-pack/.gitignore

@@ -12,4 +12,4 @@
 /.kibana-plugin-helpers.dev.*
 !/legacy/plugins/infra/**/target
 .cache
-!/legacy/plugins/siem/**/target
+!/legacy/plugins/security_solution/**/target

x-pack/.i18nrc.json

@@ -41,7 +41,7 @@
     "xpack.searchProfiler": "plugins/searchprofiler",
     "xpack.security": ["legacy/plugins/security", "plugins/security"],
     "xpack.server": "legacy/server",
-    "xpack.siem": "plugins/siem",
+    "xpack.securitySolution": "plugins/security_solution",
     "xpack.snapshotRestore": "plugins/snapshot_restore",
     "xpack.spaces": ["legacy/plugins/spaces", "plugins/spaces"],
     "xpack.taskManager": "legacy/plugins/task_manager",

x-pack/plugins/lists/common/siem_common_deps.ts

@@ -4,5 +4,5 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-export { exactCheck } from '../../siem/common/exact_check';
-export { getPaths, foldLeftRight } from '../../siem/common/test_utils';
+export { exactCheck } from '../../security_solution/common/exact_check';
+export { getPaths, foldLeftRight } from '../../security_solution/common/test_utils';

x-pack/plugins/lists/server/siem_server_deps.ts

@@ -18,4 +18,4 @@ export {
   getIndexExists,
   buildRouteValidation,
   validate,
-} from '../../siem/server';
+} from '../../security_solution/server';

x-pack/plugins/security_solution/.gitattributes

@@ -0,0 +1,6 @@
+# Auto-collapse generated files in GitHub
+# https://help.github.com/en/articles/customizing-how-changed-files-appear-on-github
+x-pack/plugins/security_solution/server/graphql/types.ts linguist-generated=true
+x-pack/plugins/security_solution/public/graphql/types.ts linguist-generated=true
+x-pack/plugins/security_solution/public/graphql/introspection.json linguist-generated=true
+

x-pack/plugins/security_solution/common/constants.ts

@@ -4,24 +4,24 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-export const APP_ID = 'siem';
-export const APP_NAME = 'SIEM';
+export const APP_ID = 'securitySolution';
+export const APP_NAME = 'Security';
 export const APP_ICON = 'securityAnalyticsApp';
-export const APP_PATH = `/app/${APP_ID}`;
+export const APP_PATH = `/app/security`;
 export const DEFAULT_BYTES_FORMAT = 'format:bytes:defaultPattern';
 export const DEFAULT_DATE_FORMAT = 'dateFormat';
 export const DEFAULT_DATE_FORMAT_TZ = 'dateFormat:tz';
 export const DEFAULT_DARK_MODE = 'theme:darkMode';
-export const DEFAULT_INDEX_KEY = 'siem:defaultIndex';
+export const DEFAULT_INDEX_KEY = 'securitySolution:defaultIndex';
 export const DEFAULT_NUMBER_FORMAT = 'format:number:defaultPattern';
 export const DEFAULT_TIME_RANGE = 'timepicker:timeDefaults';
 export const DEFAULT_REFRESH_RATE_INTERVAL = 'timepicker:refreshIntervalDefaults';
-export const DEFAULT_SIEM_TIME_RANGE = 'siem:timeDefaults';
-export const DEFAULT_SIEM_REFRESH_INTERVAL = 'siem:refreshIntervalDefaults';
+export const DEFAULT_APP_TIME_RANGE = 'securitySolution:timeDefaults';
+export const DEFAULT_APP_REFRESH_INTERVAL = 'securitySolution:refreshIntervalDefaults';
 export const DEFAULT_SIGNALS_INDEX = '.siem-signals';
 export const DEFAULT_MAX_SIGNALS = 100;
 export const DEFAULT_SEARCH_AFTER_PAGE_SIZE = 100;
-export const DEFAULT_ANOMALY_SCORE = 'siem:defaultAnomalyScore';
+export const DEFAULT_ANOMALY_SCORE = 'securitySolution:defaultAnomalyScore';
 export const DEFAULT_MAX_TABLE_QUERY_SIZE = 10000;
 export const DEFAULT_SCALE_DATE_FORMAT = 'dateFormat:scaled';
 export const DEFAULT_FROM = 'now-24h';
@@ -42,16 +42,16 @@ export const DEFAULT_INDEX_PATTERN = [
 ];
 
 /** This Kibana Advanced Setting enables the `Security news` feed widget */
-export const ENABLE_NEWS_FEED_SETTING = 'siem:enableNewsFeed';
+export const ENABLE_NEWS_FEED_SETTING = 'securitySolution:enableNewsFeed';
 
 /** This Kibana Advanced Setting specifies the URL of the News feed widget */
-export const NEWS_FEED_URL_SETTING = 'siem:newsFeedUrl';
+export const NEWS_FEED_URL_SETTING = 'securitySolution:newsFeedUrl';
 
 /** The default value for News feed widget */
 export const NEWS_FEED_URL_SETTING_DEFAULT = 'https://feeds.elastic.co/security-solution';
 
 /** This Kibana Advanced Setting specifies the URLs of `IP Reputation Links`*/
-export const IP_REPUTATION_LINKS_SETTING = 'siem:ipReputationLinks';
+export const IP_REPUTATION_LINKS_SETTING = 'securitySolution:ipReputationLinks';
 
 /** The default value for `IP Reputation Links` */
 export const IP_REPUTATION_LINKS_SETTING_DEFAULT = `[
@@ -62,12 +62,12 @@ export const IP_REPUTATION_LINKS_SETTING_DEFAULT = `[
 /**
  * Id for the signals alerting type
  */
-export const SIGNALS_ID = `${APP_ID}.signals`;
+export const SIGNALS_ID = `siem.signals`;
 
 /**
  * Id for the notifications alerting type
  */
-export const NOTIFICATIONS_ID = `${APP_ID}.notifications`;
+export const NOTIFICATIONS_ID = `siem.notifications`;
 
 /**
  * Special internal structure for tags for signals. This is used

x-pack/plugins/security_solution/common/endpoint_alerts/schema/alert_index.ts

@@ -47,7 +47,7 @@ export const alertingIndexGetQuerySchema = schema.object(
           try {
             decode(value);
           } catch (err) {
-            return i18n.translate('xpack.siem.endpoint.alerts.errors.bad_rison', {
+            return i18n.translate('xpack.securitySolution.endpoint.alerts.errors.bad_rison', {
               defaultMessage: 'must be a valid rison-encoded string',
             });
           }
@@ -62,7 +62,7 @@ export const alertingIndexGetQuerySchema = schema.object(
           try {
             decode(value);
           } catch (err) {
-            return i18n.translate('xpack.siem.endpoint.alerts.errors.bad_rison', {
+            return i18n.translate('xpack.securitySolution.endpoint.alerts.errors.bad_rison', {
               defaultMessage: 'must be a valid rison-encoded string',
             });
           }
@@ -77,7 +77,7 @@ export const alertingIndexGetQuerySchema = schema.object(
           try {
             decode(value);
           } catch (err) {
-            return i18n.translate('xpack.siem.endpoint.alerts.errors.bad_rison', {
+            return i18n.translate('xpack.securitySolution.endpoint.alerts.errors.bad_rison', {
               defaultMessage: 'must be a valid rison-encoded string',
             });
           }
@@ -89,7 +89,7 @@ export const alertingIndexGetQuerySchema = schema.object(
     validate(value) {
       if (value.after !== undefined && value.page_index !== undefined) {
         return i18n.translate(
-          'xpack.siem.endpoint.alerts.errors.page_index_cannot_be_used_with_after',
+          'xpack.securitySolution.endpoint.alerts.errors.page_index_cannot_be_used_with_after',
           {
             defaultMessage: '[page_index] cannot be used with [after]',
           }
@@ -97,7 +97,7 @@ export const alertingIndexGetQuerySchema = schema.object(
       }
       if (value.before !== undefined && value.page_index !== undefined) {
         return i18n.translate(
-          'xpack.siem.endpoint.alerts.errors.page_index_cannot_be_used_with_before',
+          'xpack.securitySolution.endpoint.alerts.errors.page_index_cannot_be_used_with_before',
           {
             defaultMessage: '[page_index] cannot be used with [before]',
           }
@@ -105,7 +105,7 @@ export const alertingIndexGetQuerySchema = schema.object(
       }
       if (value.before !== undefined && value.after !== undefined) {
         return i18n.translate(
-          'xpack.siem.endpoint.alerts.errors.before_cannot_be_used_with_after',
+          'xpack.securitySolution.endpoint.alerts.errors.before_cannot_be_used_with_after',
           {
             defaultMessage: '[before] cannot be used with [after]',
           }

x-pack/plugins/security_solution/cypress/README.md

@@ -1,6 +1,6 @@
 # Cypress Tests
 
-The `siem/cypress` directory contains end to end tests, (plus a few tests
+The `security_solution/cypress` directory contains end to end tests, (plus a few tests
 that rely on mocked API calls), that execute via [Cypress](https://www.cypress.io/).
 
 Cypress tests may be run against:
@@ -20,7 +20,7 @@ automatically when you submit a PR.
 
 ## Smoke Tests
 
-Smoke Tests are located in `siem/cypress/integration/smoke_tests`
+Smoke Tests are located in `security_solution/cypress/integration/smoke_tests`
 
 ## Structure
 
@@ -53,7 +53,7 @@ it's necessary because a test must assert that a specific value is rendered,
 and it's not possible to derive that value based on the data in the
 environment where tests are running.
 
-Mocked responses API from the server are located in `siem/cypress/fixtures`.
+Mocked responses API from the server are located in `security_solution/cypress/fixtures`.
 
 ## Speeding up test execution time
 
@@ -124,20 +124,20 @@ yarn kbn bootstrap
 2. Launch Cypress command line test runner:
 
 ```sh 
-cd x-pack/plugins/siem
+cd x-pack/plugins/security_solution
 yarn cypress:run-as-ci
 ```
 
 Note that with this type of execution you don't need to have running a kibana and elasticsearch instance. This is because
  the command, as it would happen in the CI, will launch the instances. The elasticsearch instance will be fed data 
- found in: `x-pack/test/siem_cypress/es_archives`
+ found in: `x-pack/test/security_solution_cypress/es_archives`
  
 As in this case we want to mimic a CI execution we want to execute the tests with the same set of data, this is why 
 in this case does not make sense to override Cypress environment variables. 
 
 ### Test data
 
-As mentioned above, when running the tests as Jenkins the tests are populated with data ("archives") found in: `x-pack/test/siem_cypress/es_archives`.
+As mentioned above, when running the tests as Jenkins the tests are populated with data ("archives") found in: `x-pack/test/security_solution_cypress/es_archives`.
 
 By default, each test is populated with some base data: an empty kibana index and a set of auditbeat data (the `empty_kibana` and `auditbeat` archives, respectively). This is usually enough to cover most of the scenarios that we are testing.
 
@@ -168,7 +168,7 @@ Note that loading and unloading data take a significant amount of time, so try t
 
 ### Current archives
 
-The current archives can be found in `x-pack/test/siem_cypress/es_archives/`.
+The current archives can be found in `x-pack/test/security_solution_cypress/es_archives/`.
 
 - auditbeat
   - Auditbeat data generated in Sep, 2019 with the following hosts present: 
@@ -193,15 +193,15 @@ We are using es_archiver in order to manage the data that our Cypress tests need
 
 1. Setup if possible a clean instance of kibana and elasticsearch (if not, possible please try to clean the data that you are going to generate).
 2. With the kibana and elasticsearch instance up and running, create the data that you need for your test.
-3. When you are sure that you have all the data you need run the following command from: `x-pack/plugins/siem`
+3. When you are sure that you have all the data you need run the following command from: `x-pack/plugins/security_solution`
 
 ```sh 
-node ../../../scripts/es_archiver save <nameOfTheFolderWhereDataIsSaved> <indexPatternsToBeSaved>  --dir ../../test/siem_cypress/es_archives --config ../../../test/functional/config.js --es-url http://<elasticsearchUsername>:<elasticsearchPassword>@<elasticsearchHost>:<elasticsearchPort>
+node ../../../scripts/es_archiver save <nameOfTheFolderWhereDataIsSaved> <indexPatternsToBeSaved>  --dir ../../test/security_solution_cypress/es_archives --config ../../../test/functional/config.js --es-url http://<elasticsearchUsername>:<elasticsearchPassword>@<elasticsearchHost>:<elasticsearchPort>
 ```
 
 Example: 
 ```sh
-node ../../../scripts/es_archiver save custom_rules ".kibana",".siem-signal*"  --dir ../../test/siem_cypress/es_archives --config ../../../test/functional/config.js --es-url http://elastic:changeme@localhost:9220
+node ../../../scripts/es_archiver save custom_rules ".kibana",".siem-signal*"  --dir ../../test/security_solution_cypress/es_archives --config ../../../test/functional/config.js --es-url http://elastic:changeme@localhost:9220
 ```
 
 Note that the command is going to create the folder if does not exist in the directory with the imported data.
@@ -233,10 +233,10 @@ yarn start --no-base-path
 4. Launch the Cypress interactive test runner via one of the following options:
 
 - To run tests interactively against the default (local) host specified by
-`baseUrl`, as configured in `plugins/siem/cypress.json`:
+`baseUrl`, as configured in `plugins/security_solution/cypress.json`:
 
 ```sh
-cd x-pack/plugins/siem
+cd x-pack/plugins/security_solution
 yarn cypress:open
 ```
 
@@ -245,7 +245,7 @@ yarn cypress:open
 test runner, as shown in the following example:
 
 ```sh
-cd x-pack/plugins/siem
+cd x-pack/plugins/security_solution
 CYPRESS_baseUrl=http://localhost:5601 yarn cypress:open
 ```
 
@@ -253,7 +253,7 @@ CYPRESS_baseUrl=http://localhost:5601 yarn cypress:open
 running tests interactively:
 
 ```sh
-cd x-pack/plugins/siem
+cd x-pack/plugins/security_solution
 CYPRESS_baseUrl=http://localhost:5601 CYPRESS_ELASTICSEARCH_USERNAME=elastic CYPRESS_ELASTICSEARCH_PASSWORD=<password> yarn cypress:open
 ```
 
@@ -282,10 +282,10 @@ yarn start --no-base-path
 4. Launch the Cypress command line test runner via one of the following options:
 
 - To run tests on the command line against the default (local) host specified by
-`baseUrl`, as configured in `plugins/siem/cypress.json`:
+`baseUrl`, as configured in `plugins/security_solution/cypress.json`:
 
 ```sh
-cd x-pack/plugins/siem
+cd x-pack/plugins/security_solution
 yarn cypress:run
 ```
 
@@ -294,7 +294,7 @@ yarn cypress:run
 the following example:
 
 ```sh
-cd x-pack/plugins/siem
+cd x-pack/plugins/security_solution
 CYPRESS_baseUrl=http://localhost:5601 yarn cypress:run
 ```
 
@@ -302,7 +302,7 @@ CYPRESS_baseUrl=http://localhost:5601 yarn cypress:run
 running via the command line:
 
 ```sh
-cd x-pack/plugins/siem
+cd x-pack/plugins/security_solution
 CYPRESS_baseUrl=http://localhost:5601 CYPRESS_ELASTICSEARCH_USERNAME=elastic CYPRESS_ELASTICSEARCH_PASSWORD=<password> yarn cypress:run
 ```
 
@@ -317,7 +317,7 @@ of the Kibana, as detailed for each artifact type in the sections below.
 An HTML report (e.g. for email notifications) is output to:
 
 ```
-target/kibana-siem/cypress/results/output.html
+target/kibana-security-solution/cypress/results/output.html
 ```
 
 ### Screenshots
@@ -325,14 +325,14 @@ target/kibana-siem/cypress/results/output.html
 Screenshots of failed tests are output to:
 
 ```
-target/kibana-siem/cypress/screenshots
+target/kibana-security-solution/cypress/screenshots
 ```
 
 ### `junit` Reports
 
 The Kibana CI process reports `junit` test results from the `target/junit` directory.
 
-Cypress `junit` reports are generated in `target/kibana-siem/cypress/results`
+Cypress `junit` reports are generated in `target/kibana-security-solution/cypress/results`
 and copied to the `target/junit` directory.
 
 ### Videos (optional)
@@ -347,7 +347,7 @@ CYPRESS_video=true yarn cypress:run
 Videos are (optionally) output to:
 
 ```
-target/kibana-siem/cypress/videos
+target/kibana-security-solution/cypress/videos
 ```
 
 ## Linting 

x-pack/plugins/security_solution/cypress/cypress.json

@@ -0,0 +1,8 @@
+{
+  "baseUrl": "http://localhost:5601",
+  "defaultCommandTimeout": 120000,
+  "screenshotsFolder": "../../../target/kibana-security-solution/cypress/screenshots",
+  "trashAssetsBeforeRuns": false,
+  "video": false,
+  "videosFolder": "../../../target/kibana-security-solution/cypress/videos"
+}