* [Security Solution][Platform] - Exceptions imports (#118816)
## Summary
Addresses https://github.com/elastic/kibana/issues/92613 and https://github.com/elastic/kibana/issues/117399
Goal is to allow users to import their exception lists and items alongside their rules. This PR does not complete all the UI updates needed, but does tackle the majority of use cases. The bulk of the changes occur in `import_rules_route` and the new `import_exceptions_route`.
- Adds exceptions import endpoint in `lists` plugin
- Adds exceptions import logic in import rules route in `security_solution` plugin
- Adds integration tests for exception import endpoint
- Adds integration tests for rules import endpoint to account for new functionality
- Purposely not yet adding an import modal in the exceptions table UI until further list management features added (checked with product on this front)
* Only allow data view creation if job will be started
* update tests
* no stat fetching when job not started
* ensure result index exists before dataview creation attempt
* update error message and increase retry delay
* use getIdsWithTitle to avoid fieldsWithWildcard call
* move dataview validation to create step
* use exists api in ml index_exists endpoint
* refactor retry function
* fix duplicate i18n ids
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Added enterprise search panel, corrected queries
* Update the index pattern for Enterprise Search
* Typescript error ignore
* Our timestamp fields are called @timestamp (per ECS)
* Adjust Enterprise Search index patterns with the rest of monitoring plugin patterns (including CCS, etc)
* Initial implementation of the Enterprise Search overview panel (health only)
* Add a basic stub for enterprise search response fields
* Cleanup aggs configs
* Bring back a file deleted by mistake
* Started working on the overview page
* Correctly use heap_max as the total heap
* Ent search breadcrumbs
* Simple overview
* Allow the cluster_uuid filter to be skipped while fetching metrics
* Cleanup
* Switch to module-level uuid field and use both types of events
* Add stats-based product usage metrics + apply filter paths to reduce traffic
* Change the name of the ent search overview class
* Move the standalone cluster hack in the internal function
* Change the overview page to show product usage metrics + introduce enterprise search stats in addition to metrics (they are fetched differently and allow us to reuse the stats code we have for the main page panel)
* Cluster UUID is at the module level now
* Simplify ent search pages structure, only have one overview page
* Fix ent search icon
* Add total instances
* Product usage metric graphs
* Simplify metrics loading in the overview page since we load all metrics anyways
* Add more enterprise search overview metrics
* Avoid duplicate labels
* linting
* Revert "Simplify metrics loading in the overview page since we load all metrics anyways"
This reverts commit 4bd67ab88a.
* Switch to multiple timeseries per graph
* Reorder graphs and metrics for better experience
* Typescript fixes
* i18n fixes
* Added a couple more JVM metrics
* Completely covered JVM metrics
* Convert Enterprise Search component to Typescript
* Switch config setting back
* Remove the nodes link since it raises more questions than it solves
* Update jest snapshots with the new metrics
* Remove console statement
* Properly handle cases when aggregations return no data for Enterprise Search
* Add a functional test for the Enterprise search cluster list panel
* Add a functional test for Enterprise Search overview page
* Update multicluster API response fixture with the new enterprise search response key
* Default uptime value is 0
* update overview fixture
* More fixture updates
* Remove fixmes
* Fix imports
* Properly export type
* Maybe fix the type checking error
* PR Feedback
* TS fixes
Co-authored-by: cdelgado <carlos.delgado@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Jason Stoltzfus <jason.stoltzfus@elastic.co>
Co-authored-by: Oleksiy Kovyrin <oleksiy@kovyrin.net>
* FTR should use the new kibana_system user
* Fix security api integration tests
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Rudolf Meijering <rudolf.meijering@elastic.co>
* [Security Solutions] Removes tech debt of exporting all from linter rule for cases plugin in the common section (#120310)
See: https://github.com/elastic/kibana/issues/110903, https://github.com/elastic/kibana/issues/120234
This removes as many top level API `export *` spots from:
* `cases` plugin within the common section
as we can. This reduces the number of metrics and warning about undocumented functions and reduces the page load size from `cases/common/index.ts`. Look at the metrics from the build below and you will see drop off numbers across the board for required API documentation to the page load size.
In the file `cases/common/index.ts` I now put the advice of:
```
// Careful of exporting anything from this file as any file(s) you export here will cause your page bundle size to increase.
// If you're using functions/types/etc... internally or within integration tests it's best to import directly from their paths
// than expose the functions/types/etc... here. You should _only_ expose functions/types/etc... that need to be shared with other plugins here.
// When you do have to add things here you might want to consider creating a package such as kbn-cases-constants to share with
// other plugins instead as packages are easier to break down and you do not have to carry the cost of extra plugin weight on
// first download since the other plugins/areas of your code can directly pull from the package in their async imports.
// For example, constants below could eventually be in a "kbn-cases-constants" instead.
// See: https://docs.elastic.dev/kibana-dev-docs/key-concepts/platform-intro#public-plugin-api
```
Some of those that are exposed such as `throwErrors` might actually be small simple mistakes as `security_solution` is using it but it has a "copy" of the same utility within just its server section rather than within its common section. That can be done in a different cleanup PR and cases team can decide what to do moving forward with their API before or post 8.0.0 release.
For the metric increasing of:
| id | [before](f01106c100) | [after](f2e5d6a848) | diff |
| --- | --- | --- | --- |
| `cases` | 16 | 22 | +6 |
Running that suggestion:
```sh
node --max-old-space-size=6096 scripts/build_api_docs --plugin cases --stats exports
```
I see this:
<img width="1851" alt="Screen Shot 2021-12-03 at 9 30 45 AM" src="https://user-images.githubusercontent.com/1151048/144638952-43d50478-ea12-4ce1-8f73-585c735772b4.png">
I don't know if there is a way just yet to mark undocumented public API's but I don't feel concerned with it at the moment and if the case team wants to re-expose those or are going to support API's through documentation they can decide what to do. This PR is more about just removing as much as possible to start with and then go the other direction where the individual teams can decide what to expose and if the download weight is worth it or if it's just `export type` and holds no weight, etc...
* Updated staged files
* Fixed prettier issues
* [Actionable Observability] Rewrite APM registry rules for Observability
* removing apm's rule registry test
* Moving everything under observability_api_integration
* removing old observability directory under api_integrations since it's not being used
* removing observability from api_integration tests
* renaming file
* moving test to x-pack/test/rule_registry
* Adding error handling to cleanupTargetIndices
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Chris Cowan <chris@elastic.co>
## Summary
**Addresses: https://github.com/elastic/kibana/issues/120229**
- Adjusted `rules/_find` API also to return execution metrics. It was returning only execution status information before.
- Removed `rules/_find_statuses` API as it is not used anymore.
- To display the rules management table, now we need to make only one API call. That greatly improves the rule management table performance, making user interactions like changing pages, sorting, filtering, etc., much smoother.
### Performance improvements
| 20 rules per page | Before | After |
|------------------|--------|-------|
| Response time | 200-250 ms | 60-70 ms|
| ES requests count | 23 | 2 |

| 100 rules per page | Before | After |
|------------------|--------|-------|
| Response time | 800-1200ms | 80-90ms |
| ES requests count | 103 | 2 |
Co-authored-by: Dmitry Shevchenko <dmitrii.shevchenko@elastic.co>
* [ML] Fixes data grid column actions button when histogram charts are visible
* [ML] Adjust histogram color tolerance values
* [ML] Remove test tag
* [ML] Stabilize canvas element test by rounding color values
* [ML] Adjust color tolerance values
* [ML] Further color tolerance adjustments
* [ML] Adjust more color tolerance expected values
* [ML] More color stat adjustments
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Pete Harverson <pete@elastic.co>
* [Uptime] add throttling parameters to the browser synthetic monitor form
This commit adds three fields to the browser synthetic monitor creation
form, these fields are: `download_speed`, `upload_speed`, and `latency`.
Each of these fields is used to test how applications behave under
particular network conditions.
This commit closes #114155.
* [Uptime] add functional tests for synthetic monitors throttling fields
* [Uptime] add toggling for throttling fields
* [Uptime] add normalizer for editing browser throttling fields
Co-authored-by: Lucas F. da Costa <lucas@lucasfcosta.com>
* Do not add fields to index patterns
* remove redundant tests
* install index patterns before package install
* update remove comment
* use import to create package assets
Here I have also moved to importing all assets at once. This is essential when importing to ensure that all saved objects references are imported at once. There is also an efficiency improvement.
* Import index patterns
* use resolve when deleting index patterns
* fix: asset type validation
* add option to override supported import types
* make ml-module importable
* Revert "add option to override supported import types"
This reverts commit 1f48e6ee193fea5e5cb0f37c70cbfa7ae47eeab5.
* remove hidden: false from ml-module
* use resolve when deleting assets
* make security-rule SO type importable
* use bulkResolve to get package assets
* fix tests
* fix 'multiple' tests
* remove unused function
* create index patterns at the same time as other assets
* remove unused test
* Fix integration tests
We were checking for an error before the import was complete.
* tidy for PR
* add missing test assets
* do not attempt to delete missing assets
* resolve any reference errors that occur on import
* await installKibanaAssets immediately
* show assets not found when assets installed in a different space
* fix delete asset check on force upgrade
* add comment about reference errors
* remove a couple of appContextService dependencies
Co-authored-by: Mark Hopkin <mark.hopkin@elastic.co>
* [Discover] fix csv report for filtered discover result on dashboard
* [Discover] fix tests
* [Discover] add functional test
* [Discover] fix the case when timeFilter was not applied, but others filters were applied for non time based data views
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
# Conflicts:
# src/plugins/discover/public/application/apps/main/utils/get_sharing_data.ts
Co-authored-by: Dmitry Tomashevich <39378793+Dmitriynj@users.noreply.github.com>
* Wire Fleet setup status to core Kibana status API
* Remove fake error from testing 🙃
* Apply suggestion for PR review
Co-authored-by: Josh Dover <1813008+joshdover@users.noreply.github.com>
* Add error message to meta upon Fleet setup failure
* Mark fleet as available if setup fails - for now
* Fix failing API key tests
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Josh Dover <1813008+joshdover@users.noreply.github.com>
Co-authored-by: Kyle Pollich <kyle.pollich@elastic.co>
## Summary
See: https://github.com/elastic/kibana/issues/110903
This removes the top level API `export *` spots from:
* `security_solution` plugin
by removing _all_ the exports from `security_solution/common/index.ts` since none of those were shared outside this plugin. Look at the metrics from the build below and you will see _huge_ drops off numbers across the board for required API documentation to the page load size.
In the file `security_solution/common/index.ts` I now put the advice of:
```
// Careful of exporting anything from this file as any file(s) you export here will cause your page bundle size to increase.
// If you're using functions/types/etc... internally it's best to import directly from their paths than expose the functions/types/etc... here.
// You should _only_ expose functions/types/etc... that need to be shared with other plugins here.
```
But really I doubt we will have to share anything from `security_solutions` plugin to another plugin or expose it for anyone else. So I think this is 👍 the way forward to not expose anything directly from `security_solution/common/index.ts` anymore.
* Re-enable registry version check
* Update registry image
* Use dockerized registry for base x-pack api integration and functional tests
* Revert "Use dockerized registry for base x-pack api integration and functional tests"
This reverts commit 2fd4ec17d4.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Add AlertStatus types
* Add alert status filter component
* Remove Filter in action from the t grid table
* Update group buttons to applied Alert status filter instead of Workflow status
* Keep the Alert status button in sync when typing and first page load
* Fix data test object name and translation keys label
* Add possibility to hide the bulk actions
* Update how hide the bulk actions
* Fix showCheckboxes hardcoded "true". Instead use the leadingControlColumns props
* Hide the leading checkboxes in the T Grid with the bulk actions
* Update showCheckboxes to false
* Fix test as the leading checkboxes are hidden
* Update tests
* Get back disabledCellActions as it's required by T Grid
* Update tests to skip test related to Workflow action buttons
* Skip workflow tests
* Revert fix showCheckboxes
* Remove unused imports
* Revert the o11y tests as the checkBoxes fix is reverted
* Reactivate the tests affected by checkBoxes
* Skip alert workflow status
* [Code review] use predefined types
* Remove unused prop
* Use the alert-data index name in the RegEx
* Detect * in KQL as "show all" alert filter
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>