Commit graph

292 commits

Author SHA1 Message Date
Sergi Massaneda
56669c034c
[RAC] Persistent timeline fields fix (#110685)
* fix stringify circular ref crash and default columns on createTimeline

* rollback reset button fix to split PR

* adding fields to the storage cleaning

* tests fixed

* test fix
2021-09-02 16:33:07 +02:00
Spencer
fecdba7eba
[eslint] add rule to prevent export* in plugin index files (#109357)
* [eslint] add rule to prevent export* in plugin index files

* deduplicate export names for types/instances with the same name

* attempt to auto-fix duplicate exports too

* capture exported enums too

* enforce no_export_all for core too

* disable rule by default, allow opting-in for help fixing

* update tests

* reduce yarn.lock duplication

* add rule but no fixes

* disable all existing violations

* update api docs with new line numbers

* revert unnecessary changes to yarn.lock which only had drawbacks

* remove unnecessary eslint-disable

* rework codegen to split type exports and use babel to generate valid code

* check for "export types" deeply

* improve test by using fixtures

* add comments to some helper functions

* disable fix for namespace exports including types

* label all eslint-disable comments with related team-specific issue

* ensure that child exports of `export type` are always tracked as types

Co-authored-by: spalger <spalger@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-09-01 18:05:45 -07:00
Angela Chuang
9dec97b5f4
[Security Solution] Enable repositionOnScroll for overflow popovers (#110584)
* enable repositionOnScroll

* unit test

* update test case

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-09-01 14:50:33 -04:00
Christos Nasikas
1f90712c47
[Timeline] Show cases create flyout with timeline open (#110811) 2021-09-01 20:06:55 +03:00
Sergi Massaneda
e9c20f9802
[RAC] Expand cell footer button changes to prevent overflow (#110506)
* fix hover actions tooltip footer buttons overflow

* reorder actions

* override eui styles to match popover actions design
2021-09-01 16:47:43 +02:00
Jonathan Buttner
31d335868e
Disable sync toggle in flyout (#110714) 2021-09-01 09:06:29 -04:00
Xavier Mouligneau
16af3e95cb
[RAC] Remove rbac on security solution side (#110472)
* wip to remove rbac

* Revert "[Cases] Include rule registry client for updating alert statuses (#108588)"

This reverts commit 1fd7038b34.

This leaves the rule registry mock changes

* remove rbac on Trend/Count alert

* update detection api for status

* remove @kbn-alerts packages

* fix leftover

* Switching cases to leverage update by query for alert status

* Adding missed files

* fix bad logic

* updating tests for use_alerts_privileges

* remove index alias/fields

* fix types

* fix plugin to get the right index names

* left over of alias on template

* forget to use current user for create/read route index

* updated alerts page to not show table when no privileges and updates to tests

* fix bug when switching between o11y and security solution

* updates tests and move to use privileges page when user tries to access alerts without proper access

* updating jest tests

* pairing with yara

* bring back kbn-alerts after discussion with the team

* fix types

* fix index field for o11y

* fix bug with updating index priv state

* fix i18n issue and update api docs

* fix refresh on alerts

* fix render view on alerts

* updating tests and checking for null in alerts page to not show no privileges page before load

* fix details rules

Co-authored-by: Jonathan Buttner <jonathan.buttner@elastic.co>
Co-authored-by: Yara Tercero <yara.tercero@elastic.co>
2021-09-01 04:23:44 -04:00
Steph Milovic
03d52e9920
[Security Solution] [Bugfix]Alerts table event rendered view timestamp (#110561) 2021-08-31 07:40:59 -06:00
Xavier Mouligneau
782f29a407
[RAC][o11y] fix o11y privileges when rule created in stack (#110167)
* fix o11y privileges when rule created in stack

* fix merge

* fix dsl alerts

* fix privileges on o11y

* after discussion with o11y, we agree to simplify logic of the count of alerts

* remove unused variable

* fix one more type error

Co-authored-by: mgiota <panagiota.mitsopoulou@elastic.co>
2021-08-31 07:31:38 -04:00
Sergi Massaneda
7ebed9321a
fix view all fields button when filtered (#110464) 2021-08-31 10:19:11 +02:00
Pablo Machado
3854d3a586
[RAC] EuiDataGrid pagination (#109269)
* Update T-Grid to use DataGrid pagination

* It also improves the Grid loading state
* DataGrid pagination makes sure that we display the grid with the proper height.

* Add DataGrid height hack to t-grid

HUGE HACK!!!

DataGrid height isn't properly calculated when the grid has horizontal scroll.
https://github.com/elastic/eui/issues/5030

In order to get around this bug we are calculating `DataGrid` height here and setting it as a prop.

Please revert this commit and allow DataGrid to calculate its height when the bug is fixed.

* Apply DataGrid loading and pagination changes to observability

* Fix cypress tests

* Fix t-grid page render bug on Observability

* some pagination fixes

* hide table when analyzer active

* isolate exported function

Co-authored-by: semd <sergi.massaneda@elastic.co>
2021-08-26 14:41:47 -04:00
Michael Olorunnisola
416d42a22a
[Security Solution][RAC] Refix expand (#110236) 2021-08-26 12:01:28 -04:00
Angela Chuang
602392e88d
[Security Solution] Host details fly out modal is not working in alerts table (#109942)
* fix expanded host and ip panel

* reuse existing links components

* rename

* add unit tests

* add unit tests

* update comment

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-08-26 11:40:30 -04:00
Steph Milovic
27af6ef068
[Security Solution] Bugfix for disable state of External Alert context menu (#109914) 2021-08-25 12:49:19 -06:00
Xavier Mouligneau
6a1a38b346
[RAC] [o11y] add permission in alerts table from kibana privilege/consumer (#109759)
* add alert permission in o11y

* review I

* review II

* fix selection all when checkbox disabled

* fix selected on bulk actions
2021-08-24 23:32:40 -04:00
Andrew Goldstein
a161c2b7d8
[RAC] [TGrid] Use EuiDataGridColumn schemas (for sorting) (#109983)
## Summary

Updates the `TGrid` to use `EuiDataGrid` [schemas](https://eui.elastic.co/#/tabular-content/data-grid-schemas-and-popovers/) as suggested by @snide in the following issue: <https://github.com/elastic/kibana/issues/108894>

## Desk testing

1) In the `Security Solution`, navigate to `Security > Rules` and enable multiple detection rules that have different `Risk Score`s

**Expected result**

- The Detection Engine generates alerts (when the rule's criteria are met) that have different risk scores

2) Navigate to the `Security > Alerts` page

**Expected results**

As shown in the screenshot below:

- The alerts table is sorted by `@timestamp` in descending (Z-A) order, "newest first"
- The `@timestamp` field in every row is newer than, or the same time as the row below it
- The alerts table shows a non-zero count of alerts, e.g. `20,600 alerts`

![alerts-table-at-page-load](https://user-images.githubusercontent.com/4459398/130700525-343d51af-7a3a-475c-b3b4-b429bc212adf.png)

_Above: At page load, the alerts table is sorted by `@timestamp` in descending (Z-A) order, "newest first"_

3) Observe the count of alerts shown in the header of the alerts table, e.g. `20,600 alerts`, and then change the global date picker in the KQL bar from `Today` to `Last 1 year`

**Expected results**

- The global date picker now reads `Last 1 year`
- The count of the alerts displayed in the alerts table has increased, e.g. from `20,600 alerts` to `118,709 alerts`
- The `@timestamp` field in every row is (still) newer than, or the same time as the row below it

4) Click on the `@timestamp` column, and choose `Sort A-Z` from the popover, to change the sorting to ascending, "oldest first", as shown in the screenshot below:

![click-sort-ascending](https://user-images.githubusercontent.com/4459398/130701250-3f229644-2a78-409e-80ff-f88588562190.png)

_Above: Click `Sort A-Z` to sort ascending, "oldest first"_

**Expected results**

As shown in the screenshot below:

- The alerts table is sorted by `@timestamp` in ascending (A-Z) order, "oldest first"
- The `@timestamp` field in every row is older than, or the same time as the row below it
- `@timestamp` is older than the previously shown value, e.g. `Aug 3` instead of `Aug 24`

![timestamp-ascending-oldest-first](https://user-images.githubusercontent.com/4459398/130702221-cc8cf84f-c044-4574-8a93-b9d35c14c890.png)

_Above: The alerts table is now sorted by `@timestamp` in ascending (A-Z) order, "oldest first"_

5) Click on the `Risk Score` column, and choose `Sort A-Z` from the popover, to add `Risk Score` as a secondary sort in descending (Z-A) "highest first" order, as shown in the screenshot below:

![sort-risk-score](https://user-images.githubusercontent.com/4459398/130702599-e4c0d74a-8775-435b-a263-5b6b278f6dfd.png)

_Above: Click `Sort A-Z` to add `Risk Score` as a secondary sort in descending (Z-A) "highest first" order_

**Expected results**

- The alerts table re-fetches data
- The alerts table shows `2 fields sorted`

6) Hover over the alerts table and click the `Inspect` magnifying glass icon

**Expected result**

- The `Inspect` modal appears, as shown in the screenshot below:

![inspect](https://user-images.githubusercontent.com/4459398/130702849-1189f32e-eb03-4d9d-b248-6c6f0b5665fa.png)

_Above: the `Inspect` modal_

7) Click the `Request` tab, and scroll to the `sort` section of the request

**Expected result**

Per the JSON shown below:

- The request is sorted first by `@timestamp` in ascending (A-Z) order, "oldest first"
- The request is sorted second by `signal.rule.risk_score` descending (Z-A) "highest first" order

```json
  "sort": [
    {
      "@timestamp": {
        "order": "asc",
        "unmapped_type": "date"
      }
    },
    {
      "signal.rule.risk_score": {
        "order": "desc",
        "unmapped_type": "number"
      }
    }
  ],
```

8) Click `Close` to close the `Inspect` modal

9) Click `2 fields sorted` to display the sort popover

10) Use the drag handles to, via drag-and-drop, update the sorting such that `Risk Score` is sorted **before** `@timestamp`, as shown in the screenshot below:

![sort-by-risk-score-first](https://user-images.githubusercontent.com/4459398/130704159-523effa2-21ef-4599-a939-964fc523f9ec.png)

_Above: Use the drag handles to, via drag-and-drop, update the sorting such that `Risk Score` is sorted **before** `@timestamp`_

**Expected results**

As shown in the screenshot below:

- The table is updated to be sorted first by the highest risk score, e.g. previously `47`, now `73`
- The alerts table is sorted second by `@timestamp` in ascending (A-Z) order, "oldest first", and *may* have changed, e.g. from `Aug 3` to `Aug 12`, depending on the sample data in your environment

![highest-risk-score](https://user-images.githubusercontent.com/4459398/130704878-163a2427-fc7a-4755-9adc-a06b0d7b8e43.png)

_Above: The alerts table is now sorted first by highest risk score_

11) Once again, hover over the alerts table and click the `Inspect` magnifying glass icon

12) Once again, click the `Request` tab, and scroll to the `sort` section of the request

**Expected result**

Per the JSON shown below:

- The request is sorted first by `signal.rule.risk_score` in descending (Z-A) "highest first" order
- The request is sorted second by `@timestamp` in ascending (A-Z) order, "oldest first"

```json
  "sort": [
    {
      "signal.rule.risk_score": {
        "order": "desc",
        "unmapped_type": "number"
      }
    },
    {
      "@timestamp": {
        "order": "asc",
        "unmapped_type": "date"
      }
    }
  ],
```
2021-08-24 20:53:35 -06:00
Kerry Gallagher
09fda96254
[RAC] Fix scrolling on Obs alerts table (#109139)
* Fix scrolling on obs alerts table and default to 50 items per page
2021-08-24 18:21:23 +01:00
Steph Milovic
a75db0550b
[Security Solution] [Bugfix] Fixes broken alert actions (add to case, investigate in timeline) (#109339) 2021-08-24 10:44:56 -04:00
Michael Olorunnisola
9014e113f5
[Security Solution][RAC] - Hide hover actions overflow (#109693)
* add overflow

* fix types error
2021-08-24 05:44:27 -06:00
Angela Chuang
e4bb6a91c4
fix disabled dropdown in alerts table (#109724) 2021-08-24 08:59:15 +01:00
Steph Milovic
a0bd0affdd
[Security Solution] [Bugfix] Fix analyzer missing from alert table (#109183)
* fix n test heyyyy

* more dead code

* fix type things

* change field type to const
* type fix
2021-08-23 12:38:56 -06:00
Gloria Hornero
fe6e97f0f9
[Security Solution] Fixes the Alerts timeline failing test on master (#109644)
* fixes 'Alerts timeline' tests

* adds data test subj for the loading spinner
2021-08-23 20:13:38 +02:00
Sergi Massaneda
7a4a5d8ff6
typo fixed (#109407) 2021-08-23 12:34:18 -04:00
Sergi Massaneda
64dff78dce
[RAC] Actions popovers UI unification (#109221)
* popover padding size unified

* remove panels from all context menus

* action items order changed

* cases menu items test fixed

* translations and small changes

* remove components not used anywhere

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Angela Chuang <yi-chun.chuang@elastic.co>
2021-08-23 08:42:24 -04:00
Xavier Mouligneau
e8e53e36e5
[RAC] Get o11y alerts in alerts table (#109346)
* get back index names in o11y

* testing and integration

* fix types

* Avoid using the rule data client for field list

* Remove left-over index argument

* no need for alert consumer anymore

Co-authored-by: Felix Stürmer <stuermer@weltenwort.de>
2021-08-20 12:52:34 -04:00
Alejandro Fernández Gómez
5fd903b7fe
[RAC] Enable workflow status filtering (#108215)
Co-authored-by: Jason Rhodes <jason.matthew.rhodes@gmail.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-08-20 12:07:09 +02:00
Sergi Massaneda
60af98a1b7
fix unit prop and default it only in the tGrid body (#109252) 2021-08-20 11:29:03 +02:00
Pablo Machado
4274a2bf68
Preserve timeline data when navigating between tabs (#106716) 2021-08-20 09:45:47 +02:00
Angela Chuang
9d4c062e64
[Security Solution] TopN chart styling issue (#109007)
* fix topN style

* add unit tests for topN

* add unit tests

* review
2021-08-19 12:35:28 -04:00
Yara Tercero
9fa41d1aef
[Security Solution] - Updating UI to work with new kibana privileges abstraction on alerts (#108961)
## Summary

Holy moly. 

What is happening in this PR? 🤷🏽‍♀️ Let's break it down:
- Added a package `@kbn/alerts` - another one?! ...yes
  - This is meant to add shared hooks and components around alerts as data
  - `useGetUserAlertsPermissions` - accepts the Kibana capabilities object and returns whether the user has `read` and `crud` alerts privileges
  - `AlertsFeatureNoPermissions` - component displayed when user does not have alerts privileges
- UI changes for user with NO alerts privileges
  - `Alerts` tab hidden in security solution side navigation
  - `Alerts` tab hidden in rule details page  
- UI changes for user with alerts READ ONLY privileges
  - alerts checkboxes hidden in alerts table
  - alerts bulk actions hidden in alerts table
2021-08-18 14:48:31 -04:00
Sergi Massaneda
ff58841d89
added defaultColumns property to default security solutions timeline (#109086)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-08-18 17:17:53 +02:00
Marshall Main
05d1e326a4
[RAC][Security Solution] Remove ALERT_RULE_ID in favor of ALERT_RULE_UUID (#108922)
* Remove ALERT_RULE_ID in favor of ALERT_RULE_UUID

* Update snapshot

* KEVINNN

* fix test

* Add back home.disableWelcomeScreen=true

* Only disable welcome screen in security solution cypress tests

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-08-18 10:37:14 -04:00
Xavier Mouligneau
e4bf6140fb
[SECURITY SOLUTION] [RAC] bug actions padding (#109029)
* wip

* match design for selecting grid view

* wip to integrate event rendered view

* wip

* integration of the event rendered

* fix perPage action on Euibasic table

* Add building block background color to EventRenderedView

* styling

* remove header

* fix types

* fix unit tests

* use memo for listProps

* fix styling + add feature flag

* review I

* fix merge

* change the gutter size

* fix bugs

* fix alert consumers

Co-authored-by: Pablo Neves Machado <pablo.nevesmachado@elastic.co>
Co-authored-by: Angela Chuang <yi-chun.chuang@elastic.co>
Co-authored-by: Michael Olorunnisola <michael.olorunnisola@elastic.co>
2021-08-18 07:37:40 -04:00
Davis Plumlee
fc1a2bbd1b
[Security Solution][Detection Alerts] Changes in-progress status to acknowledged (#107972) 2021-08-18 02:12:16 -04:00
Xavier Mouligneau
3013e10eda
[SECURITY SOLUTION] [RAC] Event rendered view (#108644)
* wip

* match design for selecting grid view

* wip to integrate event rendered view

* wip

* integration of the event rendered

* fix perPage action on Euibasic table

* Add building block background color to EventRenderedView

* styling

* remove header

* fix types

* fix unit tests

* use memo for listProps

* fix styling + add feature flag

* review I

* fix merge

* change the gutter size

Co-authored-by: Pablo Neves Machado <pablo.nevesmachado@elastic.co>
Co-authored-by: Angela Chuang <yi-chun.chuang@elastic.co>
2021-08-17 17:04:35 -04:00
Sergi Massaneda
b607f42fcf
[RAC][Observability] Add status update actions in row menu (#108698)
* use rac alerts bulk_update

* cleanup

* adds replace ALERT_STATUS with ALERT_WORKFLOW_STATUS and updates tests and adds logic for switching between signal.status and workflow status when updating alerts in .siem-signals

* allow object and string types in query param, fixed single update api to use WORKFLOW_STATUS instead of ALERT_STATUS

* adds additional integration test for when query is a DSL object in addition to KQL string

* optionally use fields api in requests if _source does not contain authz properties

* integrate bulk update to all hook calls

* adds fields support, fixes bug where we were writing to 'signals.status' and not { signals: {status }} in alerts client

* clean up and fixes

* fix a bug where we were not waiting for updates to complete when using ids param in alerts bulk update. Adds integration tests for detection engine testing update alerts with new alerts as data client routes

* take index name from ecsData props

* pr suggestions

* some more type fixes

* refactor and type fixes

* snapshot updated

* add status update actions to row context menu

* refactor to use dispatch function in o11y actions

* comment removed

* bring alertConsumer back

* bring indexNames back

* check capabilities to show status update items

Co-authored-by: Devin Hurley <devin.hurley@elastic.co>
2021-08-17 16:03:35 -04:00
Katrin Freihofner
cac84d7cce
styling updates to alerts table and alignment of elements (#108507)
Co-authored-by: Kerry Gallagher <471693+Kerry350@users.noreply.github.com>
2021-08-17 14:35:21 -04:00
Kevin Qualters
87c93abf1d
[RAC] [Observability] [Security Solution] Use correct url to management app for observability cases, use normalized ids (#108775)
* Use correct url to management app for observability cases, use normalized ids in timelines

* Update failing test

* Load alert details data to render flyout in case detail view
2021-08-17 13:49:59 -04:00
Stacey Gammon
9258ba5147
Adding owners to kibana plugins (#108407)
* Adding owners to kibana plugins

* Fix ui actions enhanced owner

* Account for virtual RAC team owning a plugin

* Fix empty githubTeam for ui actions
2021-08-17 10:21:06 -04:00
Angela Chuang
04a8a3c199
[RAC] integrating rbac search strategy with alert flyout (#108748)
* add alert consumers for useTimelineEventDetails

* set entityType to events

* rename to AlertConsumers

* set entityType to alerts

* send entity type to search strategy

* fix import

* fix import

* fix import

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-08-17 14:20:17 +01:00
DeFazio
848085a8c3
Remove styling from euiPanel around Alerts tables (#108603)
* Add styling to euiPanel

* remove styling on Observability side in favor of separate PR

* Fix merge conflicts

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-08-17 09:18:36 -04:00
Liza Katz
9d1a8a87f8
[Data][Es Query] Use ES types in Kuery functions (#108367)
* es-query types

* jest and lint

* cc

* options

* type

* types for kuery FUNCTIONS

* doc

* sec fixes

* typey type

* test typescript

* test

* fixes

* test

* cr

* cleanup a bit more

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-08-17 11:49:16 +02:00
Steph Milovic
82af747532
[RAC][Security Solution] Alert table: Resolver and Cases icons to bulk action menu (#108420) 2021-08-16 21:09:08 -06:00
Tiago Costa
3ab852f213
Revert "[RAC] integrating rbac search strategy with alert flyout (#108375)"
This reverts commit c6c24e4392.
2021-08-16 15:15:19 +01:00
Angela Chuang
c6c24e4392
[RAC] integrating rbac search strategy with alert flyout (#108375)
* add alert consumers for useTimelineEventDetails

* set entityType to events

* rename to AlertConsumers

* set entityType to alerts

* send entity type to search strategy

* fix import

* fix import

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-08-16 08:58:27 -04:00
Angela Chuang
fe0322ac1f
[Security Solution] flyout UI adjustment (#108192)
* styling

* fix hover actions

* init overflow button for flyout

* init overflow button

* topN btn

* remove popover from topN

* fix tests

* fix unit test

* add use hover action items hook

* fix for code review

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-08-16 08:02:42 -04:00
Angela Chuang
fc3b3cc2bd
Fix expand hover action in data grid (#108616)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-08-16 11:51:49 +01:00
Pablo Machado
c2d5d1b6c2
Improve security alerts t-grid loading and empty state (#108527) 2021-08-16 06:15:21 -04:00
Michael Olorunnisola
565276a90d
[Security Solution][RAC] - Enable tGrid by default (#108632) 2021-08-15 22:10:24 -04:00
Kevin Qualters
0828788b66
[RAC][Security Solution][Observability] Add the add to new case and add to existing case actions to observability alerts table (#108502)
* [RAC][Security Solution][Observability] Add the add to new case and add to existing case actions to observability alerts table

* Remove fake data and make features work with observability data format

* Remove console.log and unused translations

* Remove commented out code

* Remove unneeded copy pasta id, create initializeStore function in timelines

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-08-15 13:27:28 -04:00