Commit graph

4438 commits

Author SHA1 Message Date
Mark Hopkin
fd30f2555f
[Entity Analytics] Asset criticality privileges API (#172441) 2023-12-06 19:50:04 +00:00
Luke G
3390d8c54a
[Security Solution] fix broken encoding for the expandable flyout values (#172603)
## Summary

This fixes an issue with url encoding in the flyout. Turns out that
`rison` does not produce url safe strings by default.
2023-12-06 11:31:00 -06:00
Tim Sullivan
7795901fe7
[Reporting/CSV] Make searches used for export inspectable (#171248)
## Summary

Resolves https://github.com/elastic/kibana/issues/162366

## Release note
Added a troubleshooting enhancement for Kibana CSV export to allow users
to inspect the queries used for collecting all of the data.

## Other changes:
* Expose the reporting `csv.scroll` settings to the browser.
* Lazy-load the report job info panel component.
* Fix a few mixups of "setup" and "start" contracts.


## Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [x] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [x] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Sébastien Loix <sabee77@gmail.com>
Co-authored-by: Sébastien Loix <sebastien.loix@elastic.co>
2023-12-06 10:09:19 -07:00
Mark Hopkin
2fee5954c5
[Entity Analytics] Update Entity Risk Scoring doc link to point to the new page (#172592)
Follow on from https://github.com/elastic/kibana/pull/172560

As requested by @natasha-moore-elastic
https://github.com/elastic/security-docs/pull/4296#issuecomment-1840370134

The entity risk scoring documentation is moving to a new page and we
need to update this link to fix the build in
https://github.com/elastic/security-docs/pull/4296.
2023-12-06 08:33:39 -07:00
Rudolf Meijering
bccc042a16
Remove dead code left over from legacy to NP migration (#172353)
## Summary

🗑️ 


2023-12-06 08:32:56 -07:00
Kyle Pollich
6fe6cdd9d5
[Fleet] Support Elasticsearch output performance presets (#172359)
## Summary

Closes https://github.com/elastic/kibana/issues/166870
Closes https://github.com/elastic/kibana/issues/172525

- Adds a new `preset` field to output saved objects
- Updates REST spec payloads to allow `preset` field in `POST/PUT`
requests to the `/api/fleet/outputs` endpoint
- Adds logic to set default `preset` to `balanced` or `custom` based on
whether a reserved key exists in `output.config_yaml`
- Adds UI to the output settings flyout for providing a preset
- Adds backfill logic to Fleet `setup` that updates all existing outputs
+ redeploys their associated policies to ensure the proper `preset` is
provided on all policies

## To do

- [x] Fix failing tests
- [x] Add a lot of tests + testing instructions
- [x] Allow preconfigured outputs to specify a preset
- [x] Update OpenAPI spec for outputs API
- [x] Disable `EuiSelect` when output is managed
- [x] Add in-product link to performance preset docs once they exist
(might have to be a follow-up?) (Follow up:
https://github.com/elastic/kibana/issues/172523)
- [x] Parse YML box contents instead of using basic string lookup for
forcing `custom` preset (Follow up:
https://github.com/elastic/kibana/issues/172525)

## How to test

1. Create a new Elasticsearch output
2. Observe the `Performance preset` dropdown defaults to `balanced`
3. Add a performance setting to the custom YAML box e.g. `bulk_max_size:
1000`
4. Note the callout with the list of reserved keys
5. Note that the dropdown switches to `Custom` and is now disabled
6. Remove the offending key
7. Note the dropdown returns to its normal state
8. Save the output
9. Edit the output and observe the same behaviors

For the backfill
1. Create a local environment with multiple elasticsearch outputs on
`main`
2. Stop Kibana
3. Checkout this PR branch
4. Restart Kibana
5. Observe the ES outputs have been updated to include the appropriate
`preset` value


---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-12-06 10:00:47 -05:00
Pierre Gayvallet
9f3f22ae68
Do not expose host in internal API error messages (#172645)
## Summary

Only expose the `path` instead of the full `url` in the internal route
handler error messages
2023-12-06 12:05:40 +01:00
Peter Pisljar
11451b48b8
[Lens] New lens config builder api (#169750)
## Summary

resolves https://github.com/elastic/kibana/issues/163293

Exposes config builder API to build lens configurations via much simpler
API which hides the complexity of lens and allows developers to easily
configure the chart.

sample usage:
```
const builder = new LensConfigBuilder(formulaPublicAPI, dataViewsPublicAPI);
const embeddableInput = await builder.build(
  {
    chartType: 'heatmap',
    title: 'test',
    dataset: {
      esql: 'from kibana_sample_data_ecommerce | count=count() by order_date, product.category.keyword',
    },
    layers: [
      {
        label: 'test',
        breakdown: 'product.category.keyword',
        xAxis: 'order_date',
        value: 'count',
      },
    ],
  },
  {
    embeddable: true,
  }
);
```

pr with sample app: https://github.com/elastic/kibana/pull/171282

---------

Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-12-06 03:10:58 -07:00
Coen Warmer
7d990cf749
AI Assistant Management Plugin + Knowledge Base Management (#171933)
## Summary

This PR adds a bunch of plugins to help manage AI Assistant Management
settings.

It offers a 'selection' plugin inside Stack Management where a user can
select which AI Assistant she wants to manage.
The Security team can hook into this one, so settings for both AI
Assistants can be accessed from inside one place inside Stack
Management.

This PR also adds the plugin to manage settings for the AI Assistant for
Observability, including Knowledge Base management. This plugin is
available both in Stack Management (stateful) and Project Settings
(serverless).



## Detailed
1. **Adds a Stack Management plugin**
(`/src/plugins/ai_assistant_management/selection`). Its primary function
is to render a selection screen to help users navigate to the settings
plugin for the AI Assistant for a specific solution. This plugin is
displayed in Stack Management, which is only available in stateful
versions of Kibana.

2. **Adds an AI Assistant for Observability Settings plugin**
(`/src/plugins/ai_assistant_management/observability`). This plugin
allows management of specific Observability AI Assistant settings. It is
available in stateful versions of Kibana (via the aforementioned Stack
Management plugin) or in serverless versions via Project Management.

3. **Knowledge Base management for Observability AI Assistant**: The AI
Assistant for Observability Settings plugin has a Knowledge Base tab,
which allows users to add / read / update / delete and bulk import
entries into the Knowledge Base of the Observability AI Assistant.

4. **Moving of KB endpoints in Observability AI Assistant plugin**: KB
endpoints and functions were located in the same folder. As this PR adds
new endpoints for the KB for CRUD operations, it also moves the existing
ones from the function folder into a dedicated one so there's a clearer
distinction between kb and functions.

5. **Adding of GenAI Connector inside Chat Flyout**: If the user has
admin rights, it is possible to set up a GenAI connector from within the
Observability AI Assistant Chat Flyout. This provides a faster and more
seamless onboarding experience. If the user does not, she will be
redirected to the Settings page.

## Bug fixes
* Fixes chat item styling issues (padding, background color).

## How to test
* Check if the Stack Management plugin works on stateful
* Check if the AI Assistant Settings plugin works on stateful +
serverless
* Check if CRUD operations on KB work
* Check if searching on KB entries works
* Check if it's possible to navigate to KB tab directly
(`app/management/kibana/aiAssistantManagementObservability?tab=knowledge_base`)


## Todo
- [x] Add sorting to getEntries
- [x] Add params for tab routing
- [x] Add unit tests
- [ ] Add API tests
- [ ] Add fallback for already indexed entries when searching

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-12-05 16:07:52 -06:00
Kevin Logan
76b8fae881
[Security Solution] Update detection rule callout for Endpoint Policy protections (#172471)
## Summary
This PR updates the callouts in the Endpoint Policy where we mention the
detection rules associated with Endpoint. This makes it more current and
provides a docs link with more details.

- Banner is added to the top of the Policy page
- Individual banners are removed from the individual cards



### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2023-12-05 13:45:49 -07:00
Marshall Main
4a89208489
[Security Solution] Populate alert status auditing fields (#171589)
This PR populates the existing `kibana.alert.workflow_user` field in the
alerts-as-data mappings with the `profile_uid` of the last user to
modify the status of the alert. It also adds a new field,
`kibana.alert.workflow_status_updated_at`, to track the last time the
workflow status was updated and populates it with a timestamp.

Similar to the alert assignment PR, `workflow_user` renders in the table
with a user avatar instead of the raw `profile_uid` value stored in the
alert. The filter in/out buttons on the row cell automatically add a
filter that uses the raw value so that filtering works correctly.

Due to limitations of Kibana's user profile implementation,
`workflow_user` is only populated if a user changes the alert status
using the alert status route (`POST
/api/detection_engine/signals/status`) within an interactive session,
i.e. logs in rather than passes credentials with each API request
([related issue](https://github.com/elastic/kibana/issues/167459)).


### Checklist
- [ ] Functional changes are hidden behind a feature flag. If not
hidden, the PR explains why these changes are being implemented in a
long-living feature branch.
- [x] Functional changes are covered with a test plan and automated
tests.
- [x] Stability of new and changed tests is verified using the [Flaky
Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner).
- Flaky test run:
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/4130
- [ ] Comprehensive manual testing is done by two engineers: the PR
author and one of the PR reviewers. Changes are tested in both ESS and
Serverless.
- [x] Mapping changes are accompanied by a technical design document. It
can be a GitHub issue or an RFC explaining the changes. The design
document is shared with and approved by the appropriate teams and
individual stakeholders.
  - https://github.com/elastic/security-team/issues/4820 
- [x] Functional changes are communicated to the Docs team. A ticket or
PR is opened in https://github.com/elastic/security-docs. The following
information is included: any feature flags used, affected environments
(Serverless, ESS, or both).
  - https://github.com/elastic/security-docs/issues/4325
2023-12-05 11:12:28 -08:00
Sander Philipse
789230f85b
[Search] Add API key panel to Search Hub (#172301)
## Summary

This adds an API key panel to the Search Hub.




---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2023-12-05 11:53:10 -07:00
Tiago Costa
561f89ef45
skip flaky suite (#172597) 2023-12-05 17:33:46 +00:00
Tiago Costa
ae6a2be378
skip flaky suite (#172596) 2023-12-05 17:32:27 +00:00
Tiago Costa
9f41a75b95
skip flaky suite (#172595) 2023-12-05 17:30:37 +00:00
Rachel Shen
39112999b3
Onboarding card redesign (#171586)
## Summary
https://github.com/elastic/kibana-team/issues/671 
[Design
direction](https://www.figma.com/file/RK76YsiCH3TXTh34HR5iZY/GO-v2?type=design&node-id=122-698&mode=design&t=QUZ9fPbMWehmixhN-0)

Closes https://github.com/elastic/kibana/issues/165126
Closes https://github.com/elastic/cloud/issues/120614

- remove the all filter for the solutions
- add the endpoint work into a card
- change the filter behavior to not show highlighting of a specific
solution but remove the other cards
- add telemetry ui counter to capture when a user clicks on a solution
(defaults to search)


## To Test Locally
In the kibana.dev.yml set the following to mimic a cloud cluster:

`elasticsearch.hosts: ["http://localhost:9200"]`
`xpack.cloud.id: 'testID'`

## Next Steps
Have `Home` targeted per solution - basically removing the landing page
where it currently stands
Launch Darkly integration

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [x] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [x] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [x] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Tim Sullivan <tsullivan@users.noreply.github.com>
2023-12-05 08:39:00 -07:00
Saarika Bhasi
7ecd525a02
[Search] Move enterprise_search index documents to common package (#172211)
This PR: 
* extracts `enterprise_search` index documents component to common
package.
* Uses EUI pagination, converting Elasticsearch `from` & `size` to EUI
pagination standard for documents list




### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-12-05 10:33:15 -05:00
Mark Hopkin
434b1afd42
[Entity Analytics] Update Entity Risk Scoring doc link to point to new page (#172560)
Update: We are now setting the link to a temporary link to get
https://github.com/elastic/security-docs/pull/4296 merged and will then
update to the new page

As requested by @natasha-moore-elastic
[here](https://github.com/elastic/security-docs/pull/4296#issuecomment-1840370134)

The entity risk scoring documentation is moving to a new page and we
need to update this link to fix the build in
https://github.com/elastic/security-docs/pull/4296.
2023-12-05 15:31:52 +00:00
Efe Gürkan YALAMAN
45885a79a0
[Enterprise Search] Dedicated Connectors Page (#172361)
## Summary

- Adds a dedicated Connectors route and Table with search and pagination
- Updates basic functionality of Select Connectors Page (will follow-up
with another PR)



### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-12-05 08:31:18 -07:00
Yngrid Coello
df0a21cac1
[Dataset quality] Added malformed docs column to table (#172462)
Closes https://github.com/elastic/kibana/issues/170220.

### Changes
- New endpoint added to query malformed docs in elasticsearch `GET
/internal/dataset_quality/data_streams/malformed_docs`
- Decoded response from apis in `data_streams_stats_client.ts` as
suggested by @tonyghiani in
https://github.com/elastic/kibana/pull/171777.
- New synthtrace scenario, malformed logs, where we ingest documents
that will have `_ignored` properties.
- Malformed Docs column was added to `columns.tsx`.


### How to test?
1. Go to
https://yngrdyn-deploy-kiban-pr172462.kb.us-west2.gcp.elastic-cloud.com/app/observability-log-explorer/dataset-quality
2. `Malformed docs` column should be present and should be sortable

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-12-05 14:33:37 +01:00
Marta Bondyra
e5e64f8c9f
[Unified Field List] fix long single-word values (#172544)
## Summary

Fixes non-wrapping of single-word values.

It worked correctly for long values that are multi words, that's why I
didn't notice it.

It was caused by last minute change in my
[PR](https://github.com/elastic/kibana/pull/171076) here: where I
swapped `word-break: break-word;` (deprecated) to `overflow-wrap:
break-word;` which is not equivalent. Changing the value to `anywhere`
solves it.
2023-12-05 14:07:31 +01:00
Angela Chuang
e84d0a0e0c
[SecuritySolution] Update get started page UI (#171078)
## Summary

[Test
env](https://p.elstc.co/paste/Y83spa-G#0BRN87aMZxLJfbVok3W0U-7D/sss9OGfH9IIqw4oHL6)

1. When landing on the page the first time, all the tasks are collapsed.
If visited before, it keeps the last expanded task.
2. When clicking on the task, the url has the task id appended as
`#{taskId}`
3. When visiting the page, if url has `#{taskId}`, the relevant task
should be expanded. If no `#{taskId}` in the url, it expands the last
expanded task according to **local storage**.
4. Tasks completion are checked automatically, users are not able to
undo any tasks unless the **local storage** is cleaned.
5. Task completion criteria:
https://github.com/elastic/security-team/issues/8032 `Onboarding tasks
with success criteria`:

- [x] "create first project" -> ~unexpandable~, already complete when
user arrives
- [x] "watch overview video" -> user clicks to expand (success == users
opens section/clicks "Start")
- [x] "add integrations" -> users clicks to expand and goes to
integration page (success == query fleet to confirm an agent exists with
an integration) `Update we use **indicesExist** from sourcerer to
replace fleet api as some performance issue found when running locally,
not sure how it will affect the production.`
- [x] - after user clicks "Start" and expands, if success criteria is
already met (e.g. agent is installed with an integration), notify user
agent is installed and mark step as complete.
- [x] "view and analyze dashboards" -> users clicks to expand (success
== click action)
- [x] "enable prebuilt rules" -> clicks to expand (success == at least
one rule **enabled**, show enabled rules like integrations above)
- [x] "view alerts" -> user clicks to expand (success == click action)

6. Design:
https://github.com/elastic/kibana/pull/171078#issuecomment-1828562066

https://github.com/elastic/kibana/issues/170643


### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Sergi Massaneda <sergi.massaneda@gmail.com>
2023-12-05 10:50:50 +01:00
Gergő Ábrahám
44d7c0ae95
[EDR Workflows] Add matches capabilities to Endpoint Exception creation (#166002)
## Summary

This PR adds `matches` (`wildcard include`) and `does not match`
(`wildcard exclude`) to fields which support them when creating an
Endpoint exception.

For backwards compatibility with Endpoints < 8.2.0, Manifest Manager
adds the following entry to Endpoint Exceptions containing _only_
wildcards:
```json
{
  "field": "event.module",
  "operator": "included",
  "type": "exact_cased",
  "value": "endpoint"
}
```

> [!Note]
> Warnings for wrongly formatted wildcards don't seem to work correctly
at the moment. #170495 will bring some changes in the related functions,
so this PR is waiting on that to be merged.



## Sample manifests
### Linux
⚠️ On Linux, the type is always `wildcard_cased`, see the following
comment for details:
https://github.com/elastic/kibana/pull/120349#issuecomment-989963682
```json
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "wildcard_cased",
          "value": "*/test/*"
        },
        {
          "field": "event.module",
          "operator": "included",
          "type": "exact_cased",
          "value": "endpoint"
        }
      ]
    }
  ]
}
```

### Windows
```json
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "wildcard_caseless",
          "value": "*/test/*"
        },
        {
          "field": "event.module",
          "operator": "included",
          "type": "exact_cased",
          "value": "endpoint"
        }
      ]
    }
  ]
}
```

### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
2023-12-05 01:59:45 -07:00
Rachel Shen
7508ee1ed5
[Reporting] Add max concurrent shards setting to schema (#170344)
## Summary

Closes https://github.com/elastic/kibana/issues/161561
This PR exposes the `max_concurrent_shards` setting in the schema for
customers for point in time CSV report generation.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Tim Sullivan <tsullivan@users.noreply.github.com>
2023-12-04 17:49:50 -07:00
Jiawei Wu
e4805fc9e0
[RAM][Maintenance Window] Maintenance window scoped query frontend changes (#171949)
## Summary
Partially resolves: https://github.com/elastic/kibana/issues/164255,
this is 2/3 of the scoped query changes.

Maintenance window scoped query frontend changes. Adds the ability to
add and edit scoped query for maintenance windows. Due to limitations
with the alerts search bar and each solution fetches AAD fields, we only
allow users to associate scoped query with 1 category (management,
o11y, or security solution). The intended usage in this case is for the
user to create multiple maintenance windows if they wish to apply scoped
queries to multiple solutions.

### To test:
go to
`x-pack/plugins/alerting/public/pages/maintenance_windows/constants.ts`
and set `IS_SCOPED_QUERY_ENABLED` to `true`

### Scoped query off, multiple category allowed:

![image](dbf03e8e-f9bd-449c-8d23-0b474fe5a9c4)

### Scoped query on, multiple category disallowed:

![image](368f954a-7671-410b-839b-77f0420f26fa)

### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2023-12-04 15:18:33 -08:00
Tim Sullivan
f044bcccdb
[shared-ux] no-data analytics page package code cleanup (#172416)
## Summary

1. Update "type" in kibana.jsonc files where applicable for improvement
to developer experience.
2. Create `@kbn/content-management-table-list-view-table-common` package
and update imports

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-12-04 13:07:59 -07:00
Dzmitry Lemechko
d75103eacb
[FTR] add service to test user roles on serverless (#170417)
## Summary

### This PR enables user roles testing in FTR

We use SAML authentication to get a session cookie for a user with the
specific role. The cookie is cached on the FTR service side, so we only make
SAML auth one time per user within an FTR config run. For Kibana CI, the service
relies on changes coming in #170852

In order to run FTR tests locally against existing MKI project:
- add `.ftr/role_users.json` in Kibana root dir
```
{
  "viewer": {
    "email": "...",
    "password": "..."
  },
  "developer": {
    "email": "...",
    "password": "..."
  }
}

```
- set Cloud hostname (!not project hostname!) with TEST_CLOUD_HOST_NAME,
e.g.
`export TEST_CLOUD_HOST_NAME=console.qa.cld.elstc.co`


### How to use:

- functional tests:
```
const svlCommonPage = getPageObject('svlCommonPage');

before(async () => {
  // login with Viewer role  
  await svlCommonPage.loginWithRole('viewer');
  // you are logged in in browser and on project home page, start the test 
});

it('has project header', async () => {
  await svlCommonPage.assertProjectHeaderExists();
});
```

- API integration tests:
```
const svlUserManager = getService('svlUserManager');
const supertestWithoutAuth = getService('supertestWithoutAuth');
let credentials: { Cookie: string };

before(async () => {
  // get auth header for Viewer role
  credentials = await svlUserManager.getApiCredentialsForRole('viewer');
});

it('returns full status payload for authenticated request', async () => {
  const { body } = await supertestWithoutAuth
    .get('/api/status')
    .set(credentials)
    .set('kbn-xsrf', 'kibana');

  expect(body.name).to.be.a('string');
  expect(body.uuid).to.be.a('string');
  expect(body.version.number).to.be.a('string');
});
```

Flaky-test-runner: 

#1
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/4081
#2
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/4114

---------

Co-authored-by: Robert Oskamp <traeluki@gmail.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Aleh Zasypkin <aleh.zasypkin@gmail.com>
2023-12-04 12:09:05 -07:00
Aleh Zasypkin
74210343a2
Allow using JWT credentials to grant API keys. (#172444)
## Summary

In this PR we:
* Allow using JWT credentials to grant API keys
* Extend default value of `elasticsearch.requestHeadersWhitelist` to
include both `authorization` and `es-client-authentication` to support
JWT with required client authentication _by default_. See
https://www.elastic.co/guide/en/elasticsearch/reference/8.11/jwt-auth-realm.html#jwt-realm-configuration
* Add API integration tests for both JWTs with client authentication and
without it


__NOTE:__ We're not gating this functionality with the config flag
(`xpack.security.authc.http.jwt.taggedRoutesOnly`) as we did for the
Serverless offering. It'd be a breaking change as we already implicitly
support JWT authentication without client authentication, and to be
honest, it's not really necessary anyway.

## Testing

Refer to the `Testing` section in this PR description:
https://github.com/elastic/kibana/pull/159117.

Or run the already pre-configured Kibana functional test server:
1. `node scripts/functional_tests_server.js --config
x-pack/test/security_api_integration/api_keys.config.ts`
2. Create a role mapping for JWT user:
```bash
curl -X POST --location "http://localhost:9220/_security/role_mapping/jwt" \
    -H "Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==" \
    -H "Accept: application/json" \
    -H "Content-Type: application/json" \
    -d "{
          \"roles\": [ \"superuser\" ],
          \"enabled\": true,
          \"rules\": { \"all\": [{\"field\" : { \"realm.name\" : \"jwt_with_secret\" }}] }
        }"
```
3. Send any Kibana API request with the following credentials:
```bash
curl -X POST --location "xxxx" \
  -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2tpYmFuYS5lbGFzdGljLmNvL2p3dC8iLCJzdWIiOiJlbGFzdGljLWFnZW50IiwiYXVkIjoiZWxhc3RpY3NlYXJjaCIsIm5hbWUiOiJFbGFzdGljIEFnZW50IiwiaWF0Ijo5NDY2ODQ4MDAsImV4cCI6NDA3MDkwODgwMH0.P7RHKZlLskS5DfVRqoVO4ivoIq9rXl2-GW6hhC9NvTSkwphYivcjpTVcyENZvxTTvJJNqcyx6rF3T-7otTTIHBOZIMhZauc5dob-sqcN_mT2htqm3BpSdlJlz60TBq6diOtlNhV212gQCEJMPZj0MNj7kZRj_GsECrTaU7FU0A3HAzkbdx15vQJMKZiFbbQCVI7-X2J0bZzQKIWfMHD-VgHFwOe6nomT-jbYIXtCBDd6fNj1zTKRl-_uzjVqNK-h8YW1h6tE4xvZmXyHQ1-9yNKZIWC7iEaPkBLaBKQulLU5MvW3AtVDUhzm6--5H1J85JH5QhRrnKYRon7ZW5q1AQ' \
  -H 'ES-Client-Authentication: SharedSecret my_super_secret'

# ...for example:
curl -X GET --location "http://localhost:5620/internal/security/me" \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2tpYmFuYS5lbGFzdGljLmNvL2p3dC8iLCJzdWIiOiJlbGFzdGljLWFnZW50IiwiYXVkIjoiZWxhc3RpY3NlYXJjaCIsIm5hbWUiOiJFbGFzdGljIEFnZW50IiwiaWF0Ijo5NDY2ODQ4MDAsImV4cCI6NDA3MDkwODgwMH0.P7RHKZlLskS5DfVRqoVO4ivoIq9rXl2-GW6hhC9NvTSkwphYivcjpTVcyENZvxTTvJJNqcyx6rF3T-7otTTIHBOZIMhZauc5dob-sqcN_mT2htqm3BpSdlJlz60TBq6diOtlNhV212gQCEJMPZj0MNj7kZRj_GsECrTaU7FU0A3HAzkbdx15vQJMKZiFbbQCVI7-X2J0bZzQKIWfMHD-VgHFwOe6nomT-jbYIXtCBDd6fNj1zTKRl-_uzjVqNK-h8YW1h6tE4xvZmXyHQ1-9yNKZIWC7iEaPkBLaBKQulLU5MvW3AtVDUhzm6--5H1J85JH5QhRrnKYRon7ZW5q1AQ' \
    -H 'ES-Client-Authentication: SharedSecret my_super_secret' \
    -H "Accept: application/json"
----
{
  "username": "elastic-agent",
  "roles": [
    "superuser"
  ],
  "full_name": null,
  "email": null,
  "metadata": {
    "jwt_claim_sub": "elastic-agent",
    "jwt_token_type": "access_token",
    "jwt_claim_iss": "https://kibana.elastic.co/jwt/",
    "jwt_claim_name": "Elastic Agent",
    "jwt_claim_aud": [
      "elasticsearch"
    ]
  },
  "enabled": true,
  "authentication_realm": {
    "name": "jwt_with_secret",
    "type": "jwt"
  },
  "lookup_realm": {
    "name": "jwt_with_secret",
    "type": "jwt"
  },
  "authentication_type": "realm",
  "authentication_provider": {
    "type": "http",
    "name": "__http__"
  },
  "elastic_cloud_user": false
}
```

__Fixes:__ https://github.com/elastic/kibana/issues/171522

----

Release note: The default value of the
`elasticsearch.requestHeadersWhitelist` configuration option has been
expanded to include the `es-client-authentication` HTTP header, in
addition to `authorization`.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-12-04 20:07:41 +01:00
Zacqary Adam Xeper
8d1cafff0d
[ES Query] Make rule created in Discover visible in Observability (#171364)
## Summary

Closes #170497 

<img width="483" alt="Screenshot 2023-11-16 at 1 25 18 PM"
src="4d974eab-9641-4618-b52a-2facf4c07667">

Adds scope dropdown to ES Query rules created from Discovery. If Logs or
Metrics are selected, rules created here will be visible in
Observability.

Also makes `Logs` the default consumer when creating a rule from either
Discovery or Observability.


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-12-04 10:36:23 -06:00
Marco Liberati
c07b501e54
Make code editor treeshake-able (#172183)
## Summary

Attempt to reduce bundle size via treeshake

Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
2023-12-04 17:29:39 +01:00
Gerard Soldevila
b232a113c5
Retry ES calls when receiving 504 Gateway Timeout (#172439)
## Summary

Address https://github.com/elastic/kibana/issues/172352
2023-12-04 15:05:52 +01:00
Luke G
20160a86f9
[Security Solution] Exclude cold and frozen tiers in analyzer queries (#172162)
## Summary

This PR is a starting point for fixing issues about cold and frozen
tiers hits in analyzer.

It introduces another filter to analyzer queries, preventing us from
hitting the aforementioned documents.

Relevant setting:


![image](268750fd-9b98-453a-b171-0f3e3d38e923)
2023-12-04 10:46:43 +01:00
Julia Rechkunova
7346e82c7d
[Discover] Allow sorting only for visible columns (#172077)
- Closes https://github.com/elastic/kibana/issues/172023

## Summary

As
[eui](8eb7277ffd/src/components/datagrid/controls/column_sorting.tsx (L44-L57))
triggers `onSort` for `EuiDataGrid` when `sort` array includes fields
which are not present in `columns` array, it changes the app state. This
results in "unsaved changes" badge although user can't know why.

This PR makes sure that state is not modified when unknown sorting
fields are persisted inside a saved search and user opens such search.

To reproduce the mentioned issue:
- Add columns to the table and define their sorting
- Save the search
- Reopen the search and remove one of the columns which had custom
sorting
- Save the search
- Now open Discover again and reopen the search.

With this PR, "unsaved changes" badge would not appear. 

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
2023-12-04 10:18:11 +01:00
Cristina Amico
ad663136c9
[Fleet] Replace dataviews suggestions in KQL searchboxes with internal ones (#172190)
Fixes https://github.com/elastic/kibana/issues/169760
Related to https://github.com/elastic/kibana/issues/171425

## Summary

[Fleet] Replace dataviews suggestions in KQL searchboxes with internal
ones. Now using Fleet mappings to create the suggestions fields instead
of fetching them through dataView plugin.
This is done for two reasons:

- Solves [permission
problems](https://github.com/elastic/kibana/issues/169760) when the user
doesn't have privileges to read Fleet indices
- Allows us to search only those mappings that we want to expose,
instead of all of them

The only weird thing is that the [querystring
component](1f8c816901/src/plugins/unified_search/public/query_string_input/query_string_input.tsx (L161))
has a cap to show max 50 suggestions. Since for agents suggestions we
are showing some more fields, the ones starting with `u` are not
visible anymore. I thought I had a bug in the way I was creating the
`fieldsMap` but in reality there's no way to show more suggestions than
50 (without touching the original component, which I would gladly
avoid).


### Screenshots
There should be no visible difference with the current suggestions. 
<details>
  <summary>Agents</summary>

![Screenshot 2023-12-01 at 10 49
55](af73476c-3de2-40c1-93fc-c6a1c28a8a8a)

![Screenshot 2023-12-01 at 10 49
48](5db8b30f-ff9e-4542-a590-f77285dbeef6)
  
</details>

<details>
  <summary>Agent policies</summary>

![Screenshot 2023-12-01 at 10 50
09](69756149-6769-48a9-9a34-de482e4e37fc)

</details>

<details>
  <summary>Enrollment keys</summary>

![Screenshot 2023-12-01 at 10 50
18](e542550a-9721-4f5c-a05b-32829dd8fcee)


</details>

### Testing
1. With a normal user, navigate to the "agents", "agent policies" and
"enrollment keys" tabs and click on the searchboxes. The suggestions
should be visible as normal
2. Create a user with role Fleet "all", Integrations "all". Log in and
check the above searchboxes, the suggestions should be visible as
normal. Previously they weren't.

### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2023-12-04 09:19:26 +01:00
Cauê Marcondes
7470d2136d
[Profiling] Use CO2 and Cost values provided by the ES Profiling APIs (#170612)
- Removes old flamegraph code replacing it with the ES Flamegraph API
- Creates new user settings
- Adds a feature flag to use the kibana CO2/Cost calculations instead of
the new version
- Reads CO2 and Cost from /Stacktraces and /Flamegraph APIs

Where do we show the CO2 and Cost values?
- Flamegraph tooltip
- Flamegraph Frame information flyout
- Diff Flamegraph Summary
- Functions table
- Function information flyout
- Diff Functions Summary

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-12-04 04:59:30 +00:00
Mark Hopkin
f08f40a97e
[Entity Analytics] Use docLinks service for documentation links (#172172)
## Summary

Using the docLinks service means documentation links will always point
to the correct version of the docs for the current Kibana version, not
just the latest docs.

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2023-12-01 22:54:54 -06:00
Sean Story
8fdfa633e5
Add native connector definition for oracle (#172102)
## Summary

Part of https://github.com/elastic/enterprise-search-team/issues/6308
This adds a default configuration for Oracle connectors, which will
allow them to be used as Native Connectors.


### Checklist


- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials


### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2023-12-01 14:59:46 -06:00
Bryce Buchanan
33c74aeb03
[APM] Mobile crashes & errors (#165892)
## Summary

This PR adds back the `Errors` tab to mobile apm services under the
title `Errors & Crashes`. This new page is split into two sections:
errors, and crashes.

Error Tab:
<img width="1456" alt="Screenshot 2023-10-25 at 10 57 00"
src="20277c31-d88c-44ae-b896-1da4223cb392">

Crashes Tab:
<img width="1454" alt="Screenshot 2023-10-25 at 10 57 35"
src="2b0dea23-cbab-4e68-a14a-c3b14d4bd860">


### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [x] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [x] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [x] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [x] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)


### Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.

When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Katerina <kate@kpatticha.com>
2023-12-01 11:28:49 -07:00
Ievgen Sorokopud
1ebdbc380d
[Security Solution][Alerts] Alert (+Investigation) User Assignment (#2504) (#170579)
## Summary

With this PR we introduce a new Alert User Assignment feature:
- It is possible to assign a user/s to alert/s
- There is a new "Assignees" column in the alerts table which displays
avatars of assigned users
- There is a bulk action to update assignees for multiple alerts
- It is possible to see and update assignees inside the alert details
flyout component
- There is an "Assignees" filter button on the Alerts page which allows
filtering alerts by assignees

We decided to develop this feature on a separate branch. This gives us
the ability to make sure that it is thoroughly tested and we did not break
anything in production. Since there are data scheme changes involved we
decided that it will be a better approach. cc @yctercero

## Testing notes

In order to test assignments you need to create a few users. Then for
users to appear in the user profiles dropdown menu you need to activate them
by logging into those accounts at least once.


8eeb13f3-2d16-4fba-acdf-755024a59fc2

Main ticket https://github.com/elastic/security-team/issues/2504

## Bugfixes
- [x] https://github.com/elastic/security-team/issues/8028
- [x] https://github.com/elastic/security-team/issues/8034
- [x] https://github.com/elastic/security-team/issues/8006
- [x] https://github.com/elastic/security-team/issues/8025

## Enhancements
- [x] https://github.com/elastic/security-team/issues/8033

### Checklist

- [x] Functional changes are hidden behind a feature flag. If not
hidden, the PR explains why these changes are being implemented in a
long-living feature branch.
- [x] Functional changes are covered with a test plan and automated
tests.
  - [x] https://github.com/elastic/kibana/issues/171306
  - [x] https://github.com/elastic/kibana/issues/171307
- [x] Stability of new and changed tests is verified using the [Flaky
Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner).
- [x]
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/4091
- [x] Comprehensive manual testing is done by two engineers: the PR
author and one of the PR reviewers. Changes are tested in both ESS and
Serverless.
- [x] Mapping changes are accompanied by a technical design document. It
can be a GitHub issue or an RFC explaining the changes. The design
document is shared with and approved by the appropriate teams and
individual stakeholders.
   * https://github.com/elastic/security-team/issues/7647
- [x] Functional changes are communicated to the Docs team. A ticket or
PR is opened in https://github.com/elastic/security-docs. The following
information is included: any feature flags used, affected environments
(Serverless, ESS, or both). **NOTE: as discussed we will wait until docs
are ready to merge this PR**.
   * https://github.com/elastic/security-docs/issues/4226
* https://github.com/elastic/staging-serverless-security-docs/pull/232

---------

Co-authored-by: Marshall Main <marshall.main@elastic.co>
Co-authored-by: Xavier Mouligneau <xavier.mouligneau@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Sergi Massaneda <sergi.massaneda@gmail.com>
2023-12-01 16:26:03 +01:00
Achyut Jhunjhunwala
d24d43c7c1
Fix credentials leak from synthtrace (#172294)
The PR fixes creds leaking in console logs when running Synth.
Synthtrace runs on CI as well, where it is not secure to leak
credentials.

## Before -

<img width="854" alt="image"
src="41aaeed7-6a2a-4cc6-aabd-d9f4261b861a">

## After

<img width="851" alt="image"
src="1da1392f-c6d3-4604-a802-c906ecd4de23">
2023-12-01 08:06:30 -07:00
renovate[bot]
7f0e025968
Update dependency elastic-apm-node to ^4.2.0 (main) (#172308)
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [elastic-apm-node](https://togithub.com/elastic/apm-agent-nodejs) | [`^4.1.0` -> `^4.2.0`](https://renovatebot.com/diffs/npm/elastic-apm-node/4.1.0/4.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/elastic-apm-node/4.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/elastic-apm-node/4.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/elastic-apm-node/4.1.0/4.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/elastic-apm-node/4.1.0/4.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>elastic/apm-agent-nodejs (elastic-apm-node)</summary>

###
[`v4.2.0`](https://togithub.com/elastic/apm-agent-nodejs/releases/tag/v4.2.0)

[Compare
Source](https://togithub.com/elastic/apm-agent-nodejs/compare/v4.1.0...v4.2.0)

For more information, please see the
[changelog](https://www.elastic.co/guide/en/apm/agent/nodejs/current/release-notes-4.x.html#release-notes-4.2.0).

##### Elastic APM Node.js agent layer ARNs

|Region|ARN|
|------|---|
|af-south-1|arn:aws:lambda:af-south-1:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|ap-east-1|arn:aws:lambda:ap-east-1:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|ap-northeast-1|arn:aws:lambda:ap-northeast-1:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|ap-northeast-2|arn:aws:lambda:ap-northeast-2:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|ap-northeast-3|arn:aws:lambda:ap-northeast-3:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|ap-south-1|arn:aws:lambda:ap-south-1:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|ap-southeast-1|arn:aws:lambda:ap-southeast-1:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|ap-southeast-2|arn:aws:lambda:ap-southeast-2:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|ap-southeast-3|arn:aws:lambda:ap-southeast-3:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|ca-central-1|arn:aws:lambda:ca-central-1:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|eu-central-1|arn:aws:lambda:eu-central-1:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|eu-north-1|arn:aws:lambda:eu-north-1:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|eu-south-1|arn:aws:lambda:eu-south-1:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|eu-west-1|arn:aws:lambda:eu-west-1:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|eu-west-2|arn:aws:lambda:eu-west-2:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|eu-west-3|arn:aws:lambda:eu-west-3:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|me-south-1|arn:aws:lambda:me-south-1:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|sa-east-1|arn:aws:lambda:sa-east-1:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|us-east-1|arn:aws:lambda:us-east-1:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|us-east-2|arn:aws:lambda:us-east-2:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|us-west-1|arn:aws:lambda:us-west-1:267093732750:layer:elastic-apm-node-ver-4-2-0:1|
|us-west-2|arn:aws:lambda:us-west-2:267093732750:layer:elastic-apm-node-ver-4-2-0:1|

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.


---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/elastic/kibana).

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: pgayvallet <pierre.gayvallet@elastic.co>
2023-12-01 15:28:37 +01:00
Dima Arnautov
823552fea5
[ML] Add E5 model configs (#172053)
## Summary

- Adds E5 model configurations available for download, portable and x86
linux optimized.
- Adds `getCuratedModelConfig` shared service to retrieve the model ID
and configuration appropriate for the current cluster architecture.
- Updates description for the ELSER model 
- Renames tabs in the "Add trained model" flyout 
- Renames the `name` property in the `ModelDefinitionResponse` interface
with `model_id`

<img width="1835" alt="image"
src="abaf4f47-d581-493a-af1b-c663a0af9da6">

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
2023-12-01 11:04:47 +01:00
Matthew Kime
2403bc8c88
[data views] Stored fields are always requested, we don't need logic around it (#171815)
## Summary

Stored field handling is basically a dead code path. `['*']` is always
sent so lets push this closer to the query.

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2023-11-30 14:29:12 -06:00
Paulo Henrique
3e9ca7a673
[Security Solution] [Grouping] Add isLoading to groupPanelRenderer params (#172245)
## Summary

This PR forwards the `isLoading` parameter that is sent to the Grouping
component, to allow the consumer to customize groupPanelRenderers to
leverage that property while data is loading when switching between
groups.

Below is a recording demoing how a UI can leverage that option.


db8f476d-00cb-48d9-bdcd-d3c242bec79c
2023-11-30 08:32:49 -08:00
Cee Chen
55b09e22be
Upgrade EUI to v90.0.1 (#172261)
`v90.0.0` → `v90.0.1`

This release also contains updates to EuiCollapsibleNavBeta, to support
serverless UX (https://github.com/elastic/eui/pull/7337).

---

## [`90.0.1`](https://github.com/elastic/eui/tree/vpatch)

**This release is a backport intended for Kibana 8.12.**

- `EuiSelectable` now allows configurable text truncation via
`listProps.truncationProps`
([#7388](https://github.com/elastic/eui/pull/7388))
- `EuiTextTruncate` now supports a new `calculationDelayMs` prop for
working around font loading or layout shifting scenarios
([#7388](https://github.com/elastic/eui/pull/7388))
2023-11-30 06:10:08 -08:00
Luke G
a2a6cd2a83
[Security Solution] [Flyout] drive flyout state with url or memory + support back button navigation from timelines (#169661)
## Summary

This is a PoC for flyout state (left, right, preview panels) stored
entirely in the url without separate syncing mechanism. It is also
possible to opt in for in-memory storage.

### This vs current solution:
- **browser navigation is supported**
- we don't need to sync anything with in-memory state
- we can remove useImperativeHandle from expandable flyout package
- flyout state can be updated on the individual widget level, without
prop drilling
- when clicking between alerts, current flyout arrangement is retained -
so the tabs you have open etc are still there (no custom code required)
- **it is now possible to investigate something in timeline using the
flyout action & go back to the flyout view**

https://github.com/elastic/security-team/issues/8135

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-11-30 14:51:55 +01:00
Pierre Gayvallet
62d0ce4c7c
Add CI check to ensure SO mapping addition are done correctly (#172056)
## Summary

Fix https://github.com/elastic/kibana/issues/172055

Add a CI check verifying that any mapping addition (done after a type's
initial introduction) correctly defines the added mappings as a
`mappings_addition` change in a model version of the owning type (or
throws otherwise)

Similar to https://github.com/elastic/kibana/pull/169610

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-11-30 13:37:11 +01:00
Gerard Soldevila
2eba9098cb
Start the initial status timeout when the service is "started" (#172268)
## Summary

The _plugins status service_ listens to some of the plugins' statuses
through Observables.
If these plugins don't emit an initial status after some time, it
injects a first "timed out" value, with an `unavailable` state.

We're currently starting this 30s timeout at service creation time.
This is not accurate, as other services starting before plugins (e.g.
saved objects + migrations) are time consuming and can leave little to no
time for plugins to `start()` before hitting the 30s timeout.

This PR aims at fixing this, by starting to count when the plugins
`start()` methods are called.
This way, we're actually giving plugins 30s to emit a status.
2023-11-30 04:51:48 -07:00
Pierre Gayvallet
b323fc90a8
Core metrics collection - collect more memory related metrics (#172146)
## Summary

Part of https://github.com/elastic/kibana/issues/171060

Add additional memory metrics for collection:

**process**:
- `process.memory.array_buffers_in_bytes` the
`process.memoryUsage().arrayBuffers` value
- `process.memory.external_in_bytes` the
`process.memoryUsage().external` value

**cgroup**:  (v2 only)
- `os.cgroupMemory.current_in_bytes` value from
`/sys/fs/cgroup/{group}/memory.current`
- `os.cgroupMemory.swap_current_in_bytes` value from
`/sys/fs/cgroup/{group}/memory.swap.current`
2023-11-30 11:47:46 +01:00
Carlos Crespo
092330c2a3
[ObsUX] Move formulas and dashboard config to inventory models (#171872)
## Summary

This PR moves formulas and charts developed for the Hosts View and Asset
Details into the Inventory Models existing structure.

### `metrics_data_access` plugin

This is where the inventory models are found. All charts and formulas
have been moved from `infra` plugin into this plugin. Most of the changes
are just about that. I've refactored a few things to help with the
reusability of these charts/dashboards.

### `infra` plugin

Changes made here were a consequence of the refactors in the
charts/dashboards config.

### `@kbn/lens-embaddable-utils` package

Just added new types

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-11-30 10:17:58 +01:00