## Summary
The various unused credential methods supported by both the KSPM->EKS
and CSPM->AWS methods are not cleared out when a package is saved. As
there are currently two components on the frontend which allow the user
to specify their aws credential method, I've added hooks for both the
'packagePolicyCreate' and 'packagePolicyUpdate' methods in fleet to the
CSP serverside plugin. Both these hooks will pass the policy to a
cleanCredentials function which checks the 'aws.credentials.type' var to
determine which fields should be cleared out.
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
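The cleanup described in this summary, as an added example that is not the PR's own code: a `cleanCredentials` function keyed on the `aws.credentials.type` var and shared by both hooks. The flat `vars` shape, the method names and every credential field name are assumptions made for illustration.

```typescript
// Added example. The policy shape, the flat `vars` map, the method names and
// every field name other than 'aws.credentials.type' are assumptions.
type Var = { value: string | undefined };
interface PolicyLike { name: string; vars: Record<string, Var> }
// Assumed mapping: the credential fields each method actually needs.
const FIELDS_BY_TYPE: Record<string, string[]> = {
  assume_role: ['role_arn'],
  direct_access_keys: ['access_key_id', 'secret_access_key'],
  temporary_keys: ['access_key_id', 'secret_access_key', 'session_token'],
  shared_credentials: ['shared_credential_file', 'credential_profile_name'],
};

// Credential fields that hold a value but do not belong to the selected method.
function staleCredentialFields(policy: PolicyLike): string[] {
  const typeVar: Var | undefined = policy.vars['aws.credentials.type'];
  const selected = typeVar ? typeVar.value : undefined;
  const keep = selected === undefined ? undefined : FIELDS_BY_TYPE[selected];
  // Unknown or missing method: clear nothing here; validation should reject it.
  if (keep === undefined) return [];
  const stale: string[] = [];
  for (const type of Object.keys(FIELDS_BY_TYPE)) {
    for (const field of FIELDS_BY_TYPE[type] || []) {
      const v: Var | undefined = policy.vars[field];
      const filled = v !== undefined && v.value !== undefined && v.value !== '';
      if (filled && keep.indexOf(field) === -1 && stale.indexOf(field) === -1) {
        stale.push(field);
      }
    }
  }
  return stale;
}

// Returns a copy with the stale fields cleared; the input is not mutated.
function cleanCredentials(policy: PolicyLike): PolicyLike {
  const vars: Record<string, Var> = {};
  for (const key of Object.keys(policy.vars)) {
    vars[key] = { value: policy.vars[key].value };
  }
  for (const field of staleCredentialFields(policy)) {
    vars[field] = { value: undefined };
  }
  return { name: policy.name, vars };
}

// Both Fleet hooks named in the summary route through the same function.
const hooks = { packagePolicyCreate: cleanCredentials, packagePolicyUpdate: cleanCredentials };

// Constructed sample: the method was switched to assume_role, but the old
// key material is still present in the saved form state.
const samplePolicy: PolicyLike = {
  name: 'cspm-aws (constructed)',
  vars: {
    'aws.credentials.type': { value: 'assume_role' },
    role_arn: { value: 'arn:aws:iam::111122223333:role/example' },
    access_key_id: { value: 'EXAMPLE_KEY_ID' },
    secret_access_key: { value: 'constructed-not-a-real-secret' },
  },
};
```

Running `staleCredentialFields` before saving also gives a list of field names suitable for an audit log entry without logging the secret values themselves.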
## Summary
This PR adds FTR tests for "not-installed" states of Findings page
Contributes to:
- https://github.com/elastic/kibana/issues/155657
## How to test
run in separate terminals
```
yarn test:ftr:server --config x-pack/test/cloud_security_posture_functional/config.ts
```
and
```
yarn test:ftr:runner --include-tag=cloud_security_posture_findings_onboarding --config x-pack/test/cloud_security_posture_functional/config.ts
```
## Summary
Change config merging behaviour, so that arrays are not
merged/concatenated but replaced.
Closes: #162842
Related to: https://github.com/elastic/kibana/pull/161884
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Risk score from new Risk Engine showing in UI
What happened in this pr:
1. We create the latest transform and index on the `init` call when we
install resources for Risk Engine. The original plan was to just get
some API layer around our datastream with historical data. But it's not
possible in one call to achieve pagination/sorting/filtering of risk
scores, so we decided to create transforms.
Latest transform: `risk_score_latest_transform_${spaceId}`
Latest Index: `risk-score.risk-score-latest-${spaceId}`
2. To get the risk score to the UI we use the existing search strategy from
the old risk score module, and just pass the new index to the search.
3. The UI is the same except for the single host/user risk score page, where
we change the explanation parts and, instead of the old UI, we will show
an alerts table with grouping etc.
4. Temporarily pass `experimentalFeatures` to rule wrapper and bulk create,
as we need to know which index to use for alert enrichment at ingest
time. It will be removed after we decide to release a new Risk Engine.
5. Limiting to have only 2 risk scores per Kibana
Because of limited timeframe before FF, majority of UI tests will be
added after FF
## How to test
`xpack.securitySolution.enableExperimental: ['riskScoringRoutesEnabled']`
- Go to Settings -> Entity Risk Score
- Enable risk score module
- Generate some alerts with host.name or user.name
- Call from Kibana console calculation API
```
POST kbn:/api/risk_scores/calculation
{
  "data_view_id": ".alerts-security.alerts-default",
  "identifier_type": "user",
  "range": { "start": "now-30d", "end": "now" }
}

POST kbn:/api/risk_scores/calculation
{
  "data_view_id": ".alerts-security.alerts-default",
  "identifier_type": "host",
  "range": { "start": "now-30d", "end": "now" }
}
```
- Go to Security / Explore / Hosts / Hosts Risk and see risk scores
  - If the host page is not available because it requires integrations, an
easy fix is to create a filebeat index
```
PUT filebeat-8.10
{
  "mappings": {
    "properties": {
      "@timestamp": {
        "type": "date"
      },
      "host": {
        "type": "object",
        "properties": {
          "name": {
            "type": "keyword"
          }
        }
      }
    }
  }
}
```
- Click on any and go to the single host/user risk page and go to the
Host/User risk tab
- Observe the alerts table for top risk score contributors
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Ryland Herrick <ryalnd@gmail.com>
## Summary
fixes https://github.com/elastic/kibana/issues/156741
Scenario | Old Test | Functional test where it is covered
-- | -- | --
'checks draft comment persist behaviour with another markdown user action update' | 'it should persist the draft of new comment while existing old comment is updated' | 'should persist the draft of new comment while old comment is updated'
### Flaky test runner:
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/2869
### Checklist
features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This enables the content plugin within Search when Enterprise Search is
not up. Crawler indices are made inaccessible as disentangling their
logic is too complicated to make sense.
## Summary
This PR adds a dev feature flag
`xpack.index_management.dev.enableIndexDetailsPage` that will allow us
to build out the new index details page in small iterations. Without the
flag, the UI of Index Management is not changed. A skeleton component is
created for the details page (see screenshot below).
### How to test
1. Test the Index Management UI (Indices tab) without the flag and check
that no changes were introduced
2. Add `xpack.index_management.dev.enableIndexDetailsPage: true` to the
file `/config/kibana.dev.yml`
3. Navigate to the Indices tab in Index Management, toggle "hidden
indices" if no indices exist and click any index name
4. Check that the new index details page is displayed
5. Check that the tabs on the page are working
### Checklist
Delete any items that are not applicable to this PR.
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Originally fixed in https://github.com/elastic/kibana/pull/83836
**Problem**
When running in basic mode and navigating to the transactions details
page, a toast is displayed with the warning:
>To create custom links, you must be subscribed to an Elastic Gold
license or above. With it, you'll have the ability to create custom
links to improve your workflow when analyzing your services.
This is caused by a request to `GET internal/apm/settings/custom_links`.
This PR ensures that loading custom links is only attempted when users
have a valid license.
## Summary
Remove the superuser requirement in PackageService and replace it with the
same privilege requirement as the API uses.
`PackageService` was introduced in
https://github.com/elastic/kibana/pull/121589
@joeypoon Is it okay for security team to change these privileges?
WIP, added only for `ensureInstalledPackage` for now.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
This PR uses the new script to generate autocomplete definitions for Dev
Tools Console from the ES specification repo.
#### Definitions changes
- New property `availability` is added to filter out endpoints that are
not available in Serverless
- Some endpoints' query parameters have more details now, for example
common query params are now defined in definitions
```json
"url_params": {
"error_trace": "__flag__",
"filter_path": [],
"human": "__flag__",
"pretty": "__flag__"
},
```
- Url components in few endpoints are removed, but those were added to
overrides files in https://github.com/elastic/kibana/pull/163096
- Documentation links contain `{branch}` instead of `master` (fix for
that added in https://github.com/elastic/kibana/pull/159241)
#### Script changes
- The logic for generating `availability` for endpoint has been updated
based on the feedback from the Clients team. Details added to the script
file.
- Added a few "safe guards" to the spots in the script where an
unexpected type of data might be coming from the ES specification schema
#### Console changes
- Fixed the autocomplete request on Serverless (we might need a proper
fix for that, details in
https://github.com/elastic/kibana/issues/163318)
Also updates to readme files both in Console and the new script.
I will remove the old script in a separate PR.
## Screenshots
"ILM" autocomplete suggestions displayed on stateful
"ILM" autocomplete suggestions not displayed on serverless
## How to test
- Start Kibana on stateful (`yarn start`) and check that autocomplete
suggestions are working as before (no changes)
- Start Kibana on serverless (`yarn start --serverless`) and check that
autocomplete suggestions are not displayed for endpoints
blocked/internal on serverless.
Closes #163821
## Summary
This PR adds a tooltip for the custom equation and updates its message,
similar to what we have in SLO.
## Summary
This PR removes filtering vulnerabilities where the `severity` field is
missing or is different from CRITICAL, HIGH, MEDIUM or LOW. Right now
this is handled ok in the data grid but won't be reflected in the
severity map or trend chart components.
fixes
- https://github.com/elastic/security-team/issues/7289
## Summary
closes: https://github.com/elastic/kibana/issues/157847
The new links and pages in Security Solution for Serverless:
- `Investigations`
- `Timelines`
- `Osquery`
- `Assets`
- `Fleet` (and all its sub-links)
- `Endpoints` (and all its sub-links)
- `Cloud defend` (and all its sub-links)
- Callout with button linking `Integrations` in Project Setting
- `Project settings`
- `Users & roles` (Cloud UI)
- `Billing & consumption` (Cloud UI)
- `Integrations` (link to integrations with _/browse/security_ path
parameter)
- `Entity risk score` (link currently under the
`riskScoringRoutesEnabled` experimental flag)
- `Management` accordion with a set of (stack) management categories and
pages links
Sections updated:
(ESS & Serverless) `Rules` links have been updated according to new
specs.
(ESS) The `Settings` page was renamed back to `Manage`.
(Serverless) The `Dev tools` link was moved to the bottom of the side
navigation.
#### Cypress tests for serverless:
They will be implemented in a follow-up PR when the infrastructure is
ready https://github.com/elastic/kibana/pull/162698
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Tomasz Ciecierski <ciecierskitomek@gmail.com>
Co-authored-by: Tomasz Ciecierski <tomasz.ciecierski@elastic.co>
## Summary
- Fixes the loading of the Host Isolation sub-feature control into
kibana - should always be loaded and includes only the `release`
privilege in it
- Fixes the "Take action" menu items for Host Isolation (displayed in
alert details) to ensure `release` is displayed when host is isolated
and user has `release` privilege only
- Endpoint Response console will now NOT be available to users who only
have `release` response action (this is a downgrade scenario where the
user is still allowed to `release` isolated hosts)
## Summary
Originally I made a PR to add the icon into the eui library, however they
told me that they no longer support adding 3rd party logos into the eui
library; as such we will need to add it to Kibana instead.
This change includes changing the GCP logo on
- Findings flyout
- Benchmark flyout
- Dashboard
- CSPM and CNVM onboarding page (GCP tab)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
`85.1.0` ➡️ `86.0.0`
⚠️ The biggest change in this PR is migrating the `react-beautiful-dnd`
dependency to its open-source forked successor, `@hello-pangea/dnd`.
This new fork has better TypeScript support and additionally supports
both React 17 and React 18.
## [`86.0.0`](https://github.com/elastic/eui/tree/v86.0.0)
- Added React 18 support (StrictMode not yet supported).
([#7012](https://github.com/elastic/eui/pull/7012))
**Deprecations**
- Deprecated `euiPaletteComplimentary`; Use `euiPaletteComplementary`
instead. ([#6992](https://github.com/elastic/eui/pull/6992))
**Breaking changes**
- Replaced the underlying drag-and-drop library from
`react-beautiful-dnd` to its fork `@hello-pangea/dnd`
([#7012](https://github.com/elastic/eui/pull/7012))
- No code updates are needed if using only `<EuiDragDropContext>`,
`<EuiDroppable>` and `<EuiDraggable>` with no direct imports from
`react-beautiful-dnd`. In case you were importing things from
`react-beautiful-dnd` and using them together with EUI components, you
need to switch to `@hello-pangea/dnd` which has cross-compatible API.
---------
Co-authored-by: Tomasz Kajtoch <tomasz.kajtoch@elastic.co>
Co-authored-by: Tomasz Kajtoch <tomek@kajto.ch>
Co-authored-by: Cee Chen <549407+cee-chen@users.noreply.github.com>
Co-authored-by: Drew Tate <andrew.tate@elastic.co>
**Relates to:** https://github.com/elastic/kibana/issues/158246
## Summary
If the activity filter contains both allowed values `enabled` and `disabled` simultaneously, the Coverage Overview endpoint returns the response filtered by the first value only.
This PR fixes the wrong behavior so that if `enabled` and `disabled` values are set simultaneously, the response contains combined results for both `enabled` and `disabled` activity filter values.
For example a request like below
```sh
curl -X POST --user elastic:changeme -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' -d '{"filter":{"activity": ["enabled","disabled"]}}' http://localhost:5601/kbn/internal/detection_engine/rules/_coverage_overview --verbose
```
would produce the same response as the following request
```sh
curl -X POST --user elastic:changeme -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' http://localhost:5601/kbn/internal/detection_engine/rules/_coverage_overview --verbose
```
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios