github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity
82780 commits 428 branches 496 tags 23 GiB
Commit graph

12249 commits

Author SHA1 Message Date
Elena Stoeva
6eafb929e8
[8.18] Fix data streams API integration tests (#214731) 
Fixes https://github.com/elastic/kibana/issues/209014

## Summary

This PR updates the 8.18 data stream API integration tests to fix the
failures in the 8.x -> 9.0 forward compatibility tests.

To run the forward-compatibility tests locally:
```
ES_SNAPSHOT_MANIFEST="https://storage.googleapis.com/kibana-ci-es-snapshots-daily/9.0.0/manifest-latest-verified.json" node scripts/functional_tests_server.js --config ./x-pack/test/api_integration/apis/management/config.ts
```

and 

```
ES_SNAPSHOT_MANIFEST="https://storage.googleapis.com/kibana-ci-es-snapshots-daily/9.0.0/manifest-latest-verified.json" node scripts/functional_test_runner.js --config ./x-pack/test/api_integration/apis/management/config.ts --grep="Data streams"
```
 2025-03-17 17:06:15 +00:00
Jacek Kolezynski
80909da78f
[8.18] [Security Solution] Add note about removing bulk crud API in v9.0 and migrate examples (#213260) (#214710) 
# Backport

This will backport the following commits from `8.x` to `8.18`:
- [[Security Solution] Add note about removing bulk crud API in v9.0 and
migrate examples
(#213260)](https://github.com/elastic/kibana/pull/213260)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Jacek
Kolezynski","email":"jacek.kolezynski@elastic.co"},"sourceCommit":{"committedDate":"2025-03-14T19:55:22Z","message":"[Security
Solution] Add note about removing bulk crud API in v9.0 and migrate
examples (#213260)\n\n**Partially addresses:**
#211808,\nhttps://github.com/elastic/security-docs/issues/5981
(internal)\n\n## Summary\n\nThis is the third part of the migration
effort, containing changes for\nBULK CRUD:\n- adding a note informing of
removing this API in v.9.0\n- migrating examples\n- adding infos in
description\n\nThis PR will be backported only to versions for Kibana
v8\n\n# Testing\n1. cd
x-pack/solutions/security/plugins/security_solution\n2. yarn
openapi:bundle:detections \n3. Take the bundled
file\n(docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml)\nand
load it into bump.sh console to see the changes.\n4. Compare the changes
with the
[Legacy\ndocumentation](https://www.elastic.co/guide/en/security/current/rule-api-overview.html)\n\nYou
can also use this
[link](https://bump.sh/jkelas2/doc/kibana_wip3/)\nwhere I deployed the
generated bundled doc.\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Georgii Gorbachev
<banderror@gmail.com>","sha":"e334449b82da6fad82808091e860f4c2248fcb74","branchLabelMapping":{"^v8.16.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Detections
and Resp","Team: SecuritySolution","APIDocs","Team:Detection Rule
Management","backport:version","8.18
candidate","v8.18.0","v8.19.0"],"title":"[Security Solution] Add note
about removing bulk crud API in v9.0 and migrate
examples","number":213260,"url":"https://github.com/elastic/kibana/pull/213260","mergeCommit":{"message":"[Security
Solution] Add note about removing bulk crud API in v9.0 and migrate
examples (#213260)\n\n**Partially addresses:**
#211808,\nhttps://github.com/elastic/security-docs/issues/5981
(internal)\n\n## Summary\n\nThis is the third part of the migration
effort, containing changes for\nBULK CRUD:\n- adding a note informing of
removing this API in v.9.0\n- migrating examples\n- adding infos in
description\n\nThis PR will be backported only to versions for Kibana
v8\n\n# Testing\n1. cd
x-pack/solutions/security/plugins/security_solution\n2. yarn
openapi:bundle:detections \n3. Take the bundled
file\n(docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml)\nand
load it into bump.sh console to see the changes.\n4. Compare the changes
with the
[Legacy\ndocumentation](https://www.elastic.co/guide/en/security/current/rule-api-overview.html)\n\nYou
can also use this
[link](https://bump.sh/jkelas2/doc/kibana_wip3/)\nwhere I deployed the
generated bundled doc.\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Georgii Gorbachev
<banderror@gmail.com>","sha":"e334449b82da6fad82808091e860f4c2248fcb74"}},"sourceBranch":"8.x","suggestedTargetBranches":["8.18"],"targetPullRequestStates":[{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
 2025-03-17 12:58:46 +00:00
Jean-Louis Leysens
80ca1caf91
[8.18] [UA] Use reindex_required metadata to drive corrective actions (#214532) (#214643) 
# Backport

This will backport the following commits from `8.x` to `8.18`:
- [[UA] Use `reindex_required` metadata to drive corrective actions
(#214532)](https://github.com/elastic/kibana/pull/214532)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Jean-Louis
Leysens","email":"jeanlouis.leysens@elastic.co"},"sourceCommit":{"committedDate":"2025-03-14T18:50:43Z","message":"[UA]
Use `reindex_required` metadata to drive corrective actions
(#214532)\n\n## Summary\n\nTested locally and critical old data
deprecations are still surfaced as\nexpected\n\n<img width=\"586\"
alt=\"Screenshot 2025-03-14 at 10 12
50\"\nsrc=\"https://github.com/user-attachments/assets/25d87fbd-7c98-45e0-a86a-d513ea455571\"\n/>","sha":"26aba9287821f289deb11b27079a9a7d0945c714","branchLabelMapping":{"^v8.16.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Core","release_note:skip","Feature:Upgrade
Assistant","backport:version","v8.18.0","v8.19.0","v8.18.1"],"title":"[UA]
Use `reindex_required` metadata to drive corrective
actions","number":214532,"url":"https://github.com/elastic/kibana/pull/214532","mergeCommit":{"message":"[UA]
Use `reindex_required` metadata to drive corrective actions
(#214532)\n\n## Summary\n\nTested locally and critical old data
deprecations are still surfaced as\nexpected\n\n<img width=\"586\"
alt=\"Screenshot 2025-03-14 at 10 12
50\"\nsrc=\"https://github.com/user-attachments/assets/25d87fbd-7c98-45e0-a86a-d513ea455571\"\n/>","sha":"26aba9287821f289deb11b27079a9a7d0945c714"}},"sourceBranch":"8.x","suggestedTargetBranches":["8.18"],"targetPullRequestStates":[{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
 2025-03-17 12:31:28 +00:00
Christos Nasikas
12996e20b2
[8.18] [Cases] Improve unit test flakiness (#212489) (#214676) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Cases] Improve unit test flakiness
(#212489)](https://github.com/elastic/kibana/pull/212489)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Christos
Nasikas","email":"christos.nasikas@elastic.co"},"sourceCommit":{"committedDate":"2025-03-14T17:17:13Z","message":"[Cases]
Improve unit test flakiness (#212489)\n\n## Summary\n\nThis PR attempts
(I have lost count of how many there have been so far)\nto stabilize the
flakiness of cases tests.\n\n## Approach\n\nBased on our investigations,
I believe a common factor that causes all\ntests to time out is how we
wrap the tests with the needed providers.\nInstead of figuring out why
they time out (which is very difficult), I\ntried a different approach.
I rewrote how we initialize the testing\ndependencies, mocks, and
providers on tests. To test my theory, I\ncreated a VM instance in
GCloud with the same configuration as the one\nrunning in the CI,
specifically the n2-standard-4 (4 vCPUs, 16 GB\nMemory) machine type. I
ran the tests 100 times, which took almost two\ndays. In 10 of the runs,
a random test was timeouted. I noticed that the\nmachine was stressed
while running the tests, and the CPU frequently\nspiked to 100%,
especially at the beginning of each test. Then, I\nincreased the timeout
for all cases tests to 10 seconds and ran the\ntests again 100 times. No
timeouts occurred. Lastly, I created a VM\ninstance in GCloud with the
same configuration as the one running in the\nCI, specifically the
n2-standard-8 (8 vCPUs, 32 GB Memory) machine type.\nI ran the tests
again 100 times. In 1 of the runs, a random test was\ntimeouted. The
machine on the CI cannot handle the cases tests. I\nbelieve the work in
this PR is a step in the right direction either way,\nand we will
benefit from it. I also believe increasing the timeout is a\ngood
decision as we need it based on the experiments and the research
we\nhave done in the last months.\n\nCPU usage on
n2-standard-4\n\n\nhttps://github.com/user-attachments/assets/36b035df-310f-4906-98ba-688d57b97c7e\n\nCPU
usage on
n2-standard-8\n\n\nhttps://github.com/user-attachments/assets/3b1b6351-d48e-41da-a413-a56e52b54b82\n\n##
RLT eslint rules\nI enabled the [RLT
eslint\nrules](https://testing-library.com/docs/ecosystem-eslint-plugin-testing-library/)\nfor
Cases and resolved any eslint errors. The process revealed small\nbugs
in the tests, which I fixed them.\n\n## Testing utils\n\nI removed the
`appMockRender` and any usage in favor of the
new\n`renderWithTestingProviders` utility function and the
improved\n`TestProviders` component. The `renderWithTestingProviders`
follows
the\nprincipals\n[suggested](https://github.com/testing-library/react-testing-library/issues/780#issuecomment-689053441)\nby
the RLT team. Specifically:\n- The `renderWithTestingProviders` is a
wrapper of the `render` function\nof the RTL library.\n- The
`renderWithTestingProviders` does not create the services or
any\ncomponent inside it.\n- The `renderWithTestingProviders` cannot be
used in `beforeEach`\nfunctions. It should be called separately on each
test.\n- The `renderWithTestingProviders` accepts props to override the
default\nmocks.\n- The `renderWithTestingProviders` passes the
`TestProviders` in the\n`wrapper` argument of the RLT `render`
function.\n- The `TestProviders` component initializes and memoizes all
services\nand dependencies. It accepts props to override the default
mocks.\n- Mock overrides (like core services) should be created and
passed to\n`renderWithTestingProviders` on each test, even if it means
duplication.\nWe favor test isolation.\n\n### Checklist\n\nCheck the PR
satisfies the following conditions. \n\nReviewers should verify this PR
satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n\n##
Issues\n<details>\n<summary>List</summary>\n\nFixes:
https://github.com/elastic/kibana/issues/207712\nFixes:
https://github.com/elastic/kibana/issues/192739\nFixes:
https://github.com/elastic/kibana/issues/174682\nFixes:
https://github.com/elastic/kibana/issues/206366\nFixes:
https://github.com/elastic/kibana/issues/207427\nFixes:
https://github.com/elastic/kibana/issues/175239\nFixes:
https://github.com/elastic/kibana/issues/177334\nFixes:
https://github.com/elastic/kibana/issues/208443\nFixes:
https://github.com/elastic/kibana/issues/187526\nFixes:
https://github.com/elastic/kibana/issues/208310\nFixes:
https://github.com/elastic/kibana/issues/192640\nFixes:
https://github.com/elastic/kibana/issues/207077\nFixes:
https://github.com/elastic/kibana/issues/197304\nFixes:
https://github.com/elastic/kibana/issues/207249\nFixes:
https://github.com/elastic/kibana/issues/202761\nFixes:
https://github.com/elastic/kibana/issues/202115\nFixes:
https://github.com/elastic/kibana/issues/193026\nFixes:
https://github.com/elastic/kibana/issues/177304\nFixes:
https://github.com/elastic/kibana/issues/208415\nFixes:
https://github.com/elastic/kibana/issues/174661\nFixes:
https://github.com/elastic/kibana/issues/201611\nFixes:
https://github.com/elastic/kibana/issues/182364\nFixes:
https://github.com/elastic/kibana/issues/175841\nFixes:
https://github.com/elastic/kibana/issues/207907\nFixes:
https://github.com/elastic/kibana/issues/171177\nFixes:
https://github.com/elastic/kibana/issues/196628\nFixes:
https://github.com/elastic/kibana/issues/194703\nFixes:
https://github.com/elastic/kibana/issues/207241\nFixes:
https://github.com/elastic/kibana/issues/206056\nFixes:
https://github.com/elastic/kibana/issues/207328\nFixes:
https://github.com/elastic/kibana/issues/205953\nFixes:
https://github.com/elastic/kibana/issues/176524\nFixes:
https://github.com/elastic/kibana/issues/176335\nFixes:
https://github.com/elastic/kibana/issues/207404\nFixes:
https://github.com/elastic/kibana/issues/207384\nFixes:
https://github.com/elastic/kibana/issues/208380\nFixes:
https://github.com/elastic/kibana/issues/207248\nFixes:
https://github.com/elastic/kibana/issues/207444\nFixes:
https://github.com/elastic/kibana/issues/175240\nFixes:
https://github.com/elastic/kibana/issues/178001\n\n</details>\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"1054799f9c1139c52d74c9c588f60177182919c7","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","Feature:Cases","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Cases]
Improve unit test
flakiness","number":212489,"url":"https://github.com/elastic/kibana/pull/212489","mergeCommit":{"message":"[Cases]
Improve unit test flakiness (#212489)\n\n## Summary\n\nThis PR attempts
(I have lost count of how many there have been so far)\nto stabilize the
flakiness of cases tests.\n\n## Approach\n\nBased on our investigations,
I believe a common factor that causes all\ntests to time out is how we
wrap the tests with the needed providers.\nInstead of figuring out why
they time out (which is very difficult), I\ntried a different approach.
I rewrote how we initialize the testing\ndependencies, mocks, and
providers on tests. To test my theory, I\ncreated a VM instance in
GCloud with the same configuration as the one\nrunning in the CI,
specifically the n2-standard-4 (4 vCPUs, 16 GB\nMemory) machine type. I
ran the tests 100 times, which took almost two\ndays. In 10 of the runs,
a random test was timeouted. I noticed that the\nmachine was stressed
while running the tests, and the CPU frequently\nspiked to 100%,
especially at the beginning of each test. Then, I\nincreased the timeout
for all cases tests to 10 seconds and ran the\ntests again 100 times. No
timeouts occurred. Lastly, I created a VM\ninstance in GCloud with the
same configuration as the one running in the\nCI, specifically the
n2-standard-8 (8 vCPUs, 32 GB Memory) machine type.\nI ran the tests
again 100 times. In 1 of the runs, a random test was\ntimeouted. The
machine on the CI cannot handle the cases tests. I\nbelieve the work in
this PR is a step in the right direction either way,\nand we will
benefit from it. I also believe increasing the timeout is a\ngood
decision as we need it based on the experiments and the research
we\nhave done in the last months.\n\nCPU usage on
n2-standard-4\n\n\nhttps://github.com/user-attachments/assets/36b035df-310f-4906-98ba-688d57b97c7e\n\nCPU
usage on
n2-standard-8\n\n\nhttps://github.com/user-attachments/assets/3b1b6351-d48e-41da-a413-a56e52b54b82\n\n##
RLT eslint rules\nI enabled the [RLT
eslint\nrules](https://testing-library.com/docs/ecosystem-eslint-plugin-testing-library/)\nfor
Cases and resolved any eslint errors. The process revealed small\nbugs
in the tests, which I fixed them.\n\n## Testing utils\n\nI removed the
`appMockRender` and any usage in favor of the
new\n`renderWithTestingProviders` utility function and the
improved\n`TestProviders` component. The `renderWithTestingProviders`
follows
the\nprincipals\n[suggested](https://github.com/testing-library/react-testing-library/issues/780#issuecomment-689053441)\nby
the RLT team. Specifically:\n- The `renderWithTestingProviders` is a
wrapper of the `render` function\nof the RTL library.\n- The
`renderWithTestingProviders` does not create the services or
any\ncomponent inside it.\n- The `renderWithTestingProviders` cannot be
used in `beforeEach`\nfunctions. It should be called separately on each
test.\n- The `renderWithTestingProviders` accepts props to override the
default\nmocks.\n- The `renderWithTestingProviders` passes the
`TestProviders` in the\n`wrapper` argument of the RLT `render`
function.\n- The `TestProviders` component initializes and memoizes all
services\nand dependencies. It accepts props to override the default
mocks.\n- Mock overrides (like core services) should be created and
passed to\n`renderWithTestingProviders` on each test, even if it means
duplication.\nWe favor test isolation.\n\n### Checklist\n\nCheck the PR
satisfies the following conditions. \n\nReviewers should verify this PR
satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n\n##
Issues\n<details>\n<summary>List</summary>\n\nFixes:
https://github.com/elastic/kibana/issues/207712\nFixes:
https://github.com/elastic/kibana/issues/192739\nFixes:
https://github.com/elastic/kibana/issues/174682\nFixes:
https://github.com/elastic/kibana/issues/206366\nFixes:
https://github.com/elastic/kibana/issues/207427\nFixes:
https://github.com/elastic/kibana/issues/175239\nFixes:
https://github.com/elastic/kibana/issues/177334\nFixes:
https://github.com/elastic/kibana/issues/208443\nFixes:
https://github.com/elastic/kibana/issues/187526\nFixes:
https://github.com/elastic/kibana/issues/208310\nFixes:
https://github.com/elastic/kibana/issues/192640\nFixes:
https://github.com/elastic/kibana/issues/207077\nFixes:
https://github.com/elastic/kibana/issues/197304\nFixes:
https://github.com/elastic/kibana/issues/207249\nFixes:
https://github.com/elastic/kibana/issues/202761\nFixes:
https://github.com/elastic/kibana/issues/202115\nFixes:
https://github.com/elastic/kibana/issues/193026\nFixes:
https://github.com/elastic/kibana/issues/177304\nFixes:
https://github.com/elastic/kibana/issues/208415\nFixes:
https://github.com/elastic/kibana/issues/174661\nFixes:
https://github.com/elastic/kibana/issues/201611\nFixes:
https://github.com/elastic/kibana/issues/182364\nFixes:
https://github.com/elastic/kibana/issues/175841\nFixes:
https://github.com/elastic/kibana/issues/207907\nFixes:
https://github.com/elastic/kibana/issues/171177\nFixes:
https://github.com/elastic/kibana/issues/196628\nFixes:
https://github.com/elastic/kibana/issues/194703\nFixes:
https://github.com/elastic/kibana/issues/207241\nFixes:
https://github.com/elastic/kibana/issues/206056\nFixes:
https://github.com/elastic/kibana/issues/207328\nFixes:
https://github.com/elastic/kibana/issues/205953\nFixes:
https://github.com/elastic/kibana/issues/176524\nFixes:
https://github.com/elastic/kibana/issues/176335\nFixes:
https://github.com/elastic/kibana/issues/207404\nFixes:
https://github.com/elastic/kibana/issues/207384\nFixes:
https://github.com/elastic/kibana/issues/208380\nFixes:
https://github.com/elastic/kibana/issues/207248\nFixes:
https://github.com/elastic/kibana/issues/207444\nFixes:
https://github.com/elastic/kibana/issues/175240\nFixes:
https://github.com/elastic/kibana/issues/178001\n\n</details>\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"1054799f9c1139c52d74c9c588f60177182919c7"}},"sourceBranch":"main","suggestedTargetBranches":["8.18","8.x"],"targetPullRequestStates":[{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212489","number":212489,"mergeCommit":{"message":"[Cases]
Improve unit test flakiness (#212489)\n\n## Summary\n\nThis PR attempts
(I have lost count of how many there have been so far)\nto stabilize the
flakiness of cases tests.\n\n## Approach\n\nBased on our investigations,
I believe a common factor that causes all\ntests to time out is how we
wrap the tests with the needed providers.\nInstead of figuring out why
they time out (which is very difficult), I\ntried a different approach.
I rewrote how we initialize the testing\ndependencies, mocks, and
providers on tests. To test my theory, I\ncreated a VM instance in
GCloud with the same configuration as the one\nrunning in the CI,
specifically the n2-standard-4 (4 vCPUs, 16 GB\nMemory) machine type. I
ran the tests 100 times, which took almost two\ndays. In 10 of the runs,
a random test was timeouted. I noticed that the\nmachine was stressed
while running the tests, and the CPU frequently\nspiked to 100%,
especially at the beginning of each test. Then, I\nincreased the timeout
for all cases tests to 10 seconds and ran the\ntests again 100 times. No
timeouts occurred. Lastly, I created a VM\ninstance in GCloud with the
same configuration as the one running in the\nCI, specifically the
n2-standard-8 (8 vCPUs, 32 GB Memory) machine type.\nI ran the tests
again 100 times. In 1 of the runs, a random test was\ntimeouted. The
machine on the CI cannot handle the cases tests. I\nbelieve the work in
this PR is a step in the right direction either way,\nand we will
benefit from it. I also believe increasing the timeout is a\ngood
decision as we need it based on the experiments and the research
we\nhave done in the last months.\n\nCPU usage on
n2-standard-4\n\n\nhttps://github.com/user-attachments/assets/36b035df-310f-4906-98ba-688d57b97c7e\n\nCPU
usage on
n2-standard-8\n\n\nhttps://github.com/user-attachments/assets/3b1b6351-d48e-41da-a413-a56e52b54b82\n\n##
RLT eslint rules\nI enabled the [RLT
eslint\nrules](https://testing-library.com/docs/ecosystem-eslint-plugin-testing-library/)\nfor
Cases and resolved any eslint errors. The process revealed small\nbugs
in the tests, which I fixed them.\n\n## Testing utils\n\nI removed the
`appMockRender` and any usage in favor of the
new\n`renderWithTestingProviders` utility function and the
improved\n`TestProviders` component. The `renderWithTestingProviders`
follows
the\nprincipals\n[suggested](https://github.com/testing-library/react-testing-library/issues/780#issuecomment-689053441)\nby
the RLT team. Specifically:\n- The `renderWithTestingProviders` is a
wrapper of the `render` function\nof the RTL library.\n- The
`renderWithTestingProviders` does not create the services or
any\ncomponent inside it.\n- The `renderWithTestingProviders` cannot be
used in `beforeEach`\nfunctions. It should be called separately on each
test.\n- The `renderWithTestingProviders` accepts props to override the
default\nmocks.\n- The `renderWithTestingProviders` passes the
`TestProviders` in the\n`wrapper` argument of the RLT `render`
function.\n- The `TestProviders` component initializes and memoizes all
services\nand dependencies. It accepts props to override the default
mocks.\n- Mock overrides (like core services) should be created and
passed to\n`renderWithTestingProviders` on each test, even if it means
duplication.\nWe favor test isolation.\n\n### Checklist\n\nCheck the PR
satisfies the following conditions. \n\nReviewers should verify this PR
satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n\n##
Issues\n<details>\n<summary>List</summary>\n\nFixes:
https://github.com/elastic/kibana/issues/207712\nFixes:
https://github.com/elastic/kibana/issues/192739\nFixes:
https://github.com/elastic/kibana/issues/174682\nFixes:
https://github.com/elastic/kibana/issues/206366\nFixes:
https://github.com/elastic/kibana/issues/207427\nFixes:
https://github.com/elastic/kibana/issues/175239\nFixes:
https://github.com/elastic/kibana/issues/177334\nFixes:
https://github.com/elastic/kibana/issues/208443\nFixes:
https://github.com/elastic/kibana/issues/187526\nFixes:
https://github.com/elastic/kibana/issues/208310\nFixes:
https://github.com/elastic/kibana/issues/192640\nFixes:
https://github.com/elastic/kibana/issues/207077\nFixes:
https://github.com/elastic/kibana/issues/197304\nFixes:
https://github.com/elastic/kibana/issues/207249\nFixes:
https://github.com/elastic/kibana/issues/202761\nFixes:
https://github.com/elastic/kibana/issues/202115\nFixes:
https://github.com/elastic/kibana/issues/193026\nFixes:
https://github.com/elastic/kibana/issues/177304\nFixes:
https://github.com/elastic/kibana/issues/208415\nFixes:
https://github.com/elastic/kibana/issues/174661\nFixes:
https://github.com/elastic/kibana/issues/201611\nFixes:
https://github.com/elastic/kibana/issues/182364\nFixes:
https://github.com/elastic/kibana/issues/175841\nFixes:
https://github.com/elastic/kibana/issues/207907\nFixes:
https://github.com/elastic/kibana/issues/171177\nFixes:
https://github.com/elastic/kibana/issues/196628\nFixes:
https://github.com/elastic/kibana/issues/194703\nFixes:
https://github.com/elastic/kibana/issues/207241\nFixes:
https://github.com/elastic/kibana/issues/206056\nFixes:
https://github.com/elastic/kibana/issues/207328\nFixes:
https://github.com/elastic/kibana/issues/205953\nFixes:
https://github.com/elastic/kibana/issues/176524\nFixes:
https://github.com/elastic/kibana/issues/176335\nFixes:
https://github.com/elastic/kibana/issues/207404\nFixes:
https://github.com/elastic/kibana/issues/207384\nFixes:
https://github.com/elastic/kibana/issues/208380\nFixes:
https://github.com/elastic/kibana/issues/207248\nFixes:
https://github.com/elastic/kibana/issues/207444\nFixes:
https://github.com/elastic/kibana/issues/175240\nFixes:
https://github.com/elastic/kibana/issues/178001\n\n</details>\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"1054799f9c1139c52d74c9c588f60177182919c7"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2025-03-17 08:18:25 +01:00
Dmitrii Shevchenko
f6e91fbdf5
[8.18] [Security Solution] Remove the customization check when importing rules (#214577) (#214651) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Remove the customization check when importing
rules (#214577)](https://github.com/elastic/kibana/pull/214577)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Dmitrii
Shevchenko","email":"dmitrii.shevchenko@elastic.co"},"sourceCommit":{"committedDate":"2025-03-14T19:14:32Z","message":"[Security
Solution] Remove the customization check when importing rules
(#214577)","sha":"67d6707715b5508d44666a068ffd5a00cfa92e08","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution] Remove the customization check when importing
rules","number":214577,"url":"https://github.com/elastic/kibana/pull/214577","mergeCommit":{"message":"[Security
Solution] Remove the customization check when importing rules
(#214577)","sha":"67d6707715b5508d44666a068ffd5a00cfa92e08"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/214577","number":214577,"mergeCommit":{"message":"[Security
Solution] Remove the customization check when importing rules
(#214577)","sha":"67d6707715b5508d44666a068ffd5a00cfa92e08"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
 2025-03-15 16:17:19 +01:00
Kibana Machine
9ecdbde42d
[8.18] [Detection Engine] Cypress - Add more robust selection from our DataView dropdown component (#213510) (#214605) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Detection Engine] Cypress - Add more robust selection from our
DataView dropdown component
(#213510)](https://github.com/elastic/kibana/pull/213510)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Ryland
Herrick","email":"ryalnd@gmail.com"},"sourceCommit":{"committedDate":"2025-03-14T16:10:27Z","message":"[Detection
Engine] Cypress - Add more robust selection from our DataView dropdown
component (#213510)\n\nThis addresses some recent cypress failures:
\n\n* https://github.com/elastic/kibana/issues/212743 (Rule Creation
with a\nDataView)\n* https://github.com/elastic/kibana/issues/212742
(Rule Creation + Edit\nwith a DataView)\n*
https://github.com/elastic/kibana/issues/213752 (Rule Creation +\nFilter
with a DataView)\n\nThis appears (as much as a cypress failure can 😓) to
be caused by an\nincorrect/false-positive assertion, leading to us (very
occasionally)\ninteracting with the combobox before it's ready. We were
calling\n`.should('not.be.disabled')` on an element that could never be
disabled.\nBy calling that instead on the inner `input` that actually
is\nenabled/disabled, we have the sanity check that was originally
intended.\n\nThis PR also adds a post-action check
(`.should('contains',\nthingThatWasTyped)`) so that if the action fails,
the test doesn't fail\ninscrutably at a later step.\n\n###
Evidence\n\n*\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8003\n(50x)\n*\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8004\n(200x)\n*\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8033\n(200x)\n\n###
Significance\n\n**Note also** that some initial investigation found this
pattern in\nseveral places in our test suite. I'm going to follow up on
this focused\nPR with a more comprehensive one (once this is proven out
in the flaky\nrunner).\n\n### Checklist\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests
changed","sha":"02409dbd65c0262022cdee918e6651d8afc7b330","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport:prev-major","Team:Detection
Engine","v9.1.0"],"title":"[Detection Engine] Cypress - Add more robust
selection from our DataView dropdown
component","number":213510,"url":"https://github.com/elastic/kibana/pull/213510","mergeCommit":{"message":"[Detection
Engine] Cypress - Add more robust selection from our DataView dropdown
component (#213510)\n\nThis addresses some recent cypress failures:
\n\n* https://github.com/elastic/kibana/issues/212743 (Rule Creation
with a\nDataView)\n* https://github.com/elastic/kibana/issues/212742
(Rule Creation + Edit\nwith a DataView)\n*
https://github.com/elastic/kibana/issues/213752 (Rule Creation +\nFilter
with a DataView)\n\nThis appears (as much as a cypress failure can 😓) to
be caused by an\nincorrect/false-positive assertion, leading to us (very
occasionally)\ninteracting with the combobox before it's ready. We were
calling\n`.should('not.be.disabled')` on an element that could never be
disabled.\nBy calling that instead on the inner `input` that actually
is\nenabled/disabled, we have the sanity check that was originally
intended.\n\nThis PR also adds a post-action check
(`.should('contains',\nthingThatWasTyped)`) so that if the action fails,
the test doesn't fail\ninscrutably at a later step.\n\n###
Evidence\n\n*\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8003\n(50x)\n*\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8004\n(200x)\n*\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8033\n(200x)\n\n###
Significance\n\n**Note also** that some initial investigation found this
pattern in\nseveral places in our test suite. I'm going to follow up on
this focused\nPR with a more comprehensive one (once this is proven out
in the flaky\nrunner).\n\n### Checklist\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests
changed","sha":"02409dbd65c0262022cdee918e6651d8afc7b330"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/213510","number":213510,"mergeCommit":{"message":"[Detection
Engine] Cypress - Add more robust selection from our DataView dropdown
component (#213510)\n\nThis addresses some recent cypress failures:
\n\n* https://github.com/elastic/kibana/issues/212743 (Rule Creation
with a\nDataView)\n* https://github.com/elastic/kibana/issues/212742
(Rule Creation + Edit\nwith a DataView)\n*
https://github.com/elastic/kibana/issues/213752 (Rule Creation +\nFilter
with a DataView)\n\nThis appears (as much as a cypress failure can 😓) to
be caused by an\nincorrect/false-positive assertion, leading to us (very
occasionally)\ninteracting with the combobox before it's ready. We were
calling\n`.should('not.be.disabled')` on an element that could never be
disabled.\nBy calling that instead on the inner `input` that actually
is\nenabled/disabled, we have the sanity check that was originally
intended.\n\nThis PR also adds a post-action check
(`.should('contains',\nthingThatWasTyped)`) so that if the action fails,
the test doesn't fail\ninscrutably at a later step.\n\n###
Evidence\n\n*\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8003\n(50x)\n*\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8004\n(200x)\n*\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8033\n(200x)\n\n###
Significance\n\n**Note also** that some initial investigation found this
pattern in\nseveral places in our test suite. I'm going to follow up on
this focused\nPR with a more comprehensive one (once this is proven out
in the flaky\nrunner).\n\n### Checklist\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests
changed","sha":"02409dbd65c0262022cdee918e6651d8afc7b330"}}]}]
BACKPORT-->

Co-authored-by: Ryland Herrick <ryalnd@gmail.com>
 2025-03-14 18:19:46 +00:00
Jan Monschke
0fef04ccc6
[8.18] [Threat Hunting Investigations] Improve API docs for notes/timeline (#213584) (#214528) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Threat Hunting Investigations] Improve API docs for notes/timeline
(#213584)](https://github.com/elastic/kibana/pull/213584)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Jan
Monschke","email":"jan.monschke@elastic.co"},"sourceCommit":{"committedDate":"2025-03-12T17:55:54Z","message":"[Threat
Hunting Investigations] Improve API docs for notes/timeline
(#213584)\n\n##
Summary\n\n[META\nissue](https://github.com/elastic/security-docs-internal/issues/57)\n\nThis
PR improves the API documentation for timeline/notes/pinned events\nas
per the definition in the meta issue.\n\n### Notes\n#### Timeline API\n-
`eventType`:\n\t- is always set to `all`\n\t- looks like it's been
superseded by dataView?\n\t- I marked it as `deperecated` \n-
`eventIdToNoteIds`:\n- there's a type mismatch between what the frontend
expects and what is\nreturned\n\t- also it does not seem to be used
anymore?\n\t- it needs to be investigated further\n#### Notes API\n-
`GlobalNote`:\n\t- looks like it's not used anymore\n\t- I removed it,
nothing broke\n- `eventIngested`, `eventTimestamp`, `eventDataView` and
`overrideOwner`\nare all not used on the patch note endpoint, I removed
them. The\n`event*` ones I have never seen before to be
honest.\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"e3311c516b45999e875b92ff14140a3197babfc6","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat
Hunting:Investigations","backport:all-open","v9.1.0"],"title":"[Threat
Hunting Investigations] Improve API docs for
notes/timeline","number":213584,"url":"https://github.com/elastic/kibana/pull/213584","mergeCommit":{"message":"[Threat
Hunting Investigations] Improve API docs for notes/timeline
(#213584)\n\n##
Summary\n\n[META\nissue](https://github.com/elastic/security-docs-internal/issues/57)\n\nThis
PR improves the API documentation for timeline/notes/pinned events\nas
per the definition in the meta issue.\n\n### Notes\n#### Timeline API\n-
`eventType`:\n\t- is always set to `all`\n\t- looks like it's been
superseded by dataView?\n\t- I marked it as `deperecated` \n-
`eventIdToNoteIds`:\n- there's a type mismatch between what the frontend
expects and what is\nreturned\n\t- also it does not seem to be used
anymore?\n\t- it needs to be investigated further\n#### Notes API\n-
`GlobalNote`:\n\t- looks like it's not used anymore\n\t- I removed it,
nothing broke\n- `eventIngested`, `eventTimestamp`, `eventDataView` and
`overrideOwner`\nare all not used on the patch note endpoint, I removed
them. The\n`event*` ones I have never seen before to be
honest.\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"e3311c516b45999e875b92ff14140a3197babfc6"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/214261","number":214261,"state":"MERGED","mergeCommit":{"sha":"77caf7c24a7424c52e5b37107768ce3d4ff15bfb","message":"[9.0]
[Threat Hunting Investigations] Improve API docs for notes/timeline
(#213584) (#214261)\n\n# Backport\n\nThis will backport the following
commits from `main` to `9.0`:\n- [[Threat Hunting Investigations]
Improve API docs for
notes/timeline\n(#213584)](https://github.com/elastic/kibana/pull/213584)\n\n\n\n###
Questions ?\nPlease refer to the [Backport
tool\ndocumentation](https://github.com/sorenlouv/backport)\n\n\n\nCo-authored-by:
Jan Monschke
<jan.monschke@elastic.co>"}},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/213584","number":213584,"mergeCommit":{"message":"[Threat
Hunting Investigations] Improve API docs for notes/timeline
(#213584)\n\n##
Summary\n\n[META\nissue](https://github.com/elastic/security-docs-internal/issues/57)\n\nThis
PR improves the API documentation for timeline/notes/pinned events\nas
per the definition in the meta issue.\n\n### Notes\n#### Timeline API\n-
`eventType`:\n\t- is always set to `all`\n\t- looks like it's been
superseded by dataView?\n\t- I marked it as `deperecated` \n-
`eventIdToNoteIds`:\n- there's a type mismatch between what the frontend
expects and what is\nreturned\n\t- also it does not seem to be used
anymore?\n\t- it needs to be investigated further\n#### Notes API\n-
`GlobalNote`:\n\t- looks like it's not used anymore\n\t- I removed it,
nothing broke\n- `eventIngested`, `eventTimestamp`, `eventDataView` and
`overrideOwner`\nare all not used on the patch note endpoint, I removed
them. The\n`event*` ones I have never seen before to be
honest.\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"e3311c516b45999e875b92ff14140a3197babfc6"}}]}]
BACKPORT-->
 2025-03-14 10:39:26 -05:00
Kibana Machine
efed88be26
[8.18] [Security Solution] Reverts all remaining diff algorithm fields to return Target version when base version is missing (#214287) (#214515) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Reverts all remaining diff algorithm fields to
return Target version when base version is missing
(#214287)](https://github.com/elastic/kibana/pull/214287)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Davis
Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-03-14T07:20:37Z","message":"[Security
Solution] Reverts all remaining diff algorithm fields to return Target
version when base version is missing (#214287)\n\n##
Summary\n\nOriginally we had intended to have the prebuilt rule diff
algorithms\nmerge non-functional fields when the field's base version
was missing\nand a rule was marked as customized as described
in\nhttps://github.com/elastic/kibana/issues/210358\n\n> - When the rule
has a missing base version and is marked as\ncustomized:\n> - We should
attempt to merge all non-functional mergeable fields (any\nfield that
doesn't have consequences with how the rule runs e.g. tags)\nand return
them as SOLVABLE_CONFLICT\n\nWe ended up changing this logic to return
the `Target` version for every\nfield that fit that
description\n(https://github.com/elastic/kibana/pull/214161
and\nhttps://github.com/elastic/kibana/pull/213757) besides `tags` and
in\norder to support consistency rather than a very minor edge case, we
now\njust return the target version for every field with a missing
base\nversion and let users sort it out on their end\n\nThis PR reverts
the changes made to accommodate this edge case and\nupdates related
tests to account for the new logic\n\n### Checklist\n\nCheck the PR
satisfies following conditions. \n\nReviewers should verify this PR
satisfies this list as well.\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common
scenarios\n\n---------\n\nCo-authored-by: Georgii Gorbachev
<georgii.gorbachev@elastic.co>","sha":"a2d2054148b8cd7a062cfabd477338a3fd55428b","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution] Reverts all remaining diff algorithm fields to return Target
version when base version is
missing","number":214287,"url":"https://github.com/elastic/kibana/pull/214287","mergeCommit":{"message":"[Security
Solution] Reverts all remaining diff algorithm fields to return Target
version when base version is missing (#214287)\n\n##
Summary\n\nOriginally we had intended to have the prebuilt rule diff
algorithms\nmerge non-functional fields when the field's base version
was missing\nand a rule was marked as customized as described
in\nhttps://github.com/elastic/kibana/issues/210358\n\n> - When the rule
has a missing base version and is marked as\ncustomized:\n> - We should
attempt to merge all non-functional mergeable fields (any\nfield that
doesn't have consequences with how the rule runs e.g. tags)\nand return
them as SOLVABLE_CONFLICT\n\nWe ended up changing this logic to return
the `Target` version for every\nfield that fit that
description\n(https://github.com/elastic/kibana/pull/214161
and\nhttps://github.com/elastic/kibana/pull/213757) besides `tags` and
in\norder to support consistency rather than a very minor edge case, we
now\njust return the target version for every field with a missing
base\nversion and let users sort it out on their end\n\nThis PR reverts
the changes made to accommodate this edge case and\nupdates related
tests to account for the new logic\n\n### Checklist\n\nCheck the PR
satisfies following conditions. \n\nReviewers should verify this PR
satisfies this list as well.\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common
scenarios\n\n---------\n\nCo-authored-by: Georgii Gorbachev
<georgii.gorbachev@elastic.co>","sha":"a2d2054148b8cd7a062cfabd477338a3fd55428b"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/214287","number":214287,"mergeCommit":{"message":"[Security
Solution] Reverts all remaining diff algorithm fields to return Target
version when base version is missing (#214287)\n\n##
Summary\n\nOriginally we had intended to have the prebuilt rule diff
algorithms\nmerge non-functional fields when the field's base version
was missing\nand a rule was marked as customized as described
in\nhttps://github.com/elastic/kibana/issues/210358\n\n> - When the rule
has a missing base version and is marked as\ncustomized:\n> - We should
attempt to merge all non-functional mergeable fields (any\nfield that
doesn't have consequences with how the rule runs e.g. tags)\nand return
them as SOLVABLE_CONFLICT\n\nWe ended up changing this logic to return
the `Target` version for every\nfield that fit that
description\n(https://github.com/elastic/kibana/pull/214161
and\nhttps://github.com/elastic/kibana/pull/213757) besides `tags` and
in\norder to support consistency rather than a very minor edge case, we
now\njust return the target version for every field with a missing
base\nversion and let users sort it out on their end\n\nThis PR reverts
the changes made to accommodate this edge case and\nupdates related
tests to account for the new logic\n\n### Checklist\n\nCheck the PR
satisfies following conditions. \n\nReviewers should verify this PR
satisfies this list as well.\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common
scenarios\n\n---------\n\nCo-authored-by: Georgii Gorbachev
<georgii.gorbachev@elastic.co>","sha":"a2d2054148b8cd7a062cfabd477338a3fd55428b"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>
 2025-03-14 09:06:53 +00:00
Kibana Machine
a98a4c31f7
[8.18] [Stack Monitoring] New FTR for "view logs" link (#208351) (#214296) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Stack Monitoring] New FTR for "view logs" link
(#208351)](https://github.com/elastic/kibana/pull/208351)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Valentin
Crettaz","email":"valentin.crettaz@elastic.co"},"sourceCommit":{"committedDate":"2025-03-12T22:35:28Z","message":"[Stack
Monitoring] New FTR for \"view logs\" link (#208351)\n\n##
Summary\n\nCloses https://github.com/elastic/kibana/issues/202675\n\nA
[recent bug](https://github.com/elastic/kibana/issues/199902) broke\nthe
Stack Monitoring UI only if/when logs were present. Functional
test\ncoverage was lacking to detect such a situation.\n\nThis PR adds
some functional test coverage to make sure that the \"View\nlogs\" link
in Stack Monitoring works whenever logs are available,\nwherever logs
can be visible, i.e. in the cluster overview page, the\nnode details
page and the index details page.\n\n### Checklist\n\n- [X] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common
scenarios\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"c218f4239a10dd7b0cd4aa24e0a627f9d779d94c","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["backport","Team:Monitoring","release_note:skip","Feature:Stack
Monitoring","FTR","v8.18.0","v8.17.2","v9.1.0"],"title":"[Stack
Monitoring] New FTR for \"view logs\"
link","number":208351,"url":"https://github.com/elastic/kibana/pull/208351","mergeCommit":{"message":"[Stack
Monitoring] New FTR for \"view logs\" link (#208351)\n\n##
Summary\n\nCloses https://github.com/elastic/kibana/issues/202675\n\nA
[recent bug](https://github.com/elastic/kibana/issues/199902) broke\nthe
Stack Monitoring UI only if/when logs were present. Functional
test\ncoverage was lacking to detect such a situation.\n\nThis PR adds
some functional test coverage to make sure that the \"View\nlogs\" link
in Stack Monitoring works whenever logs are available,\nwherever logs
can be visible, i.e. in the cluster overview page, the\nnode details
page and the index details page.\n\n### Checklist\n\n- [X] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common
scenarios\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"c218f4239a10dd7b0cd4aa24e0a627f9d779d94c"}},"sourceBranch":"main","suggestedTargetBranches":["8.18","8.17"],"targetPullRequestStates":[{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.2","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/208351","number":208351,"mergeCommit":{"message":"[Stack
Monitoring] New FTR for \"view logs\" link (#208351)\n\n##
Summary\n\nCloses https://github.com/elastic/kibana/issues/202675\n\nA
[recent bug](https://github.com/elastic/kibana/issues/199902) broke\nthe
Stack Monitoring UI only if/when logs were present. Functional
test\ncoverage was lacking to detect such a situation.\n\nThis PR adds
some functional test coverage to make sure that the \"View\nlogs\" link
in Stack Monitoring works whenever logs are available,\nwherever logs
can be visible, i.e. in the cluster overview page, the\nnode details
page and the index details page.\n\n### Checklist\n\n- [X] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common
scenarios\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"c218f4239a10dd7b0cd4aa24e0a627f9d779d94c"}}]}]
BACKPORT-->

Co-authored-by: Valentin Crettaz <valentin.crettaz@elastic.co>
 2025-03-13 19:11:37 +00:00
Kibana Machine
aed3dfbcaf
[8.18] [Security Solution] Force upgrading to target version for "Reference URLs" when base version is missing (#214161) (#214252) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Force upgrading to target version for "Reference
URLs" when base version is missing
(#214161)](https://github.com/elastic/kibana/pull/214161)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Nikita
Indik","email":"nikita.indik@elastic.co"},"sourceCommit":{"committedDate":"2025-03-12T17:41:32Z","message":"[Security
Solution] Force upgrading to target version for \"Reference URLs\" when
base version is missing (#214161)\n\n**Resolves:
https://github.com/elastic/kibana/issues/214171**\n\n## Summary\n\nThis
PR fixes an issue with \"references\" field in -AB situations. When\nthe
base version is missing we try to merge current and target arrays\nwhich
leads to old and potentially broken URLs from the current
version\nending up in the result.\n\nNow the behaviour is changed to
always force merged version to be equal\nto target (which always has
correct
URLs).","sha":"07012811b29b487a3b4a664469c7a198355e44bf","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","impact:medium","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution] Force upgrading to target version for \"Reference URLs\" when
base version is
missing","number":214161,"url":"https://github.com/elastic/kibana/pull/214161","mergeCommit":{"message":"[Security
Solution] Force upgrading to target version for \"Reference URLs\" when
base version is missing (#214161)\n\n**Resolves:
https://github.com/elastic/kibana/issues/214171**\n\n## Summary\n\nThis
PR fixes an issue with \"references\" field in -AB situations. When\nthe
base version is missing we try to merge current and target arrays\nwhich
leads to old and potentially broken URLs from the current
version\nending up in the result.\n\nNow the behaviour is changed to
always force merged version to be equal\nto target (which always has
correct
URLs).","sha":"07012811b29b487a3b4a664469c7a198355e44bf"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/214161","number":214161,"mergeCommit":{"message":"[Security
Solution] Force upgrading to target version for \"Reference URLs\" when
base version is missing (#214161)\n\n**Resolves:
https://github.com/elastic/kibana/issues/214171**\n\n## Summary\n\nThis
PR fixes an issue with \"references\" field in -AB situations. When\nthe
base version is missing we try to merge current and target arrays\nwhich
leads to old and potentially broken URLs from the current
version\nending up in the result.\n\nNow the behaviour is changed to
always force merged version to be equal\nto target (which always has
correct
URLs).","sha":"07012811b29b487a3b4a664469c7a198355e44bf"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Nikita Indik <nikita.indik@elastic.co>
 2025-03-12 20:45:28 +01:00
Kibana Machine
3ab44d127b
[8.18] [Logs UI] Make logs ui categories page tests more robust (#213834) (#214221) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Logs UI] Make logs ui categories page tests more robust
(#213834)](https://github.com/elastic/kibana/pull/213834)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Felix
Stürmer","email":"weltenwort@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-03-12T16:08:11Z","message":"[Logs
UI] Make logs ui categories page tests more robust
(#213834)","sha":"3338092efcc707ef7fa80c0ef34d1b23d257193e","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Feature:Logs
UI","release_note:skip","backport:all-open","Team:obs-ux-logs","v9.1.0"],"title":"[Logs
UI] Make logs ui categories page tests more
robust","number":213834,"url":"https://github.com/elastic/kibana/pull/213834","mergeCommit":{"message":"[Logs
UI] Make logs ui categories page tests more robust
(#213834)","sha":"3338092efcc707ef7fa80c0ef34d1b23d257193e"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/213834","number":213834,"mergeCommit":{"message":"[Logs
UI] Make logs ui categories page tests more robust
(#213834)","sha":"3338092efcc707ef7fa80c0ef34d1b23d257193e"}}]}]
BACKPORT-->

Co-authored-by: Felix Stürmer <weltenwort@users.noreply.github.com>
 2025-03-12 19:23:22 +01:00
David Sánchez
145fc72c5d
[8.18] [Security Solution] [Defend Workflows] Enables skipped tests in 9.0 (#213399) (#214132) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] [Defend Workflows] Enables skipped tests in 9.0
(#213399)](https://github.com/elastic/kibana/pull/213399)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"David
Sánchez","email":"david.sanchezsoler@elastic.co"},"sourceCommit":{"committedDate":"2025-03-12T10:43:40Z","message":"[Security
Solution] [Defend Workflows] Enables skipped tests in 9.0
(#213399)\n\n## Summary\n\nEnables skipped tests in 9.0 and previous
stack versions.\n\ncloses:
https://github.com/elastic/kibana/issues/180401\ncloses:
https://github.com/elastic/kibana/issues/203894\ncloses:
https://github.com/elastic/kibana/issues/205141\ncloses:
https://github.com/elastic/kibana/issues/206204\ncloses:
https://github.com/elastic/kibana/issues/209056\ncloses:
https://github.com/elastic/kibana/issues/209064\ncloses:
https://github.com/elastic/kibana/issues/209063\ncloses:
https://github.com/elastic/kibana/issues/209066\ncloses:
https://github.com/elastic/kibana/issues/209065\n\nThis one will be
tracked in a follow up
pr:\nhttps://github.com/elastic/kibana/issues/203916\n\n---------\n\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"87e2edd5992399a1d239a01839f23b2e9f8dc63a","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend
Workflows","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution] [Defend Workflows] Enables skipped tests in
9.0","number":213399,"url":"https://github.com/elastic/kibana/pull/213399","mergeCommit":{"message":"[Security
Solution] [Defend Workflows] Enables skipped tests in 9.0
(#213399)\n\n## Summary\n\nEnables skipped tests in 9.0 and previous
stack versions.\n\ncloses:
https://github.com/elastic/kibana/issues/180401\ncloses:
https://github.com/elastic/kibana/issues/203894\ncloses:
https://github.com/elastic/kibana/issues/205141\ncloses:
https://github.com/elastic/kibana/issues/206204\ncloses:
https://github.com/elastic/kibana/issues/209056\ncloses:
https://github.com/elastic/kibana/issues/209064\ncloses:
https://github.com/elastic/kibana/issues/209063\ncloses:
https://github.com/elastic/kibana/issues/209066\ncloses:
https://github.com/elastic/kibana/issues/209065\n\nThis one will be
tracked in a follow up
pr:\nhttps://github.com/elastic/kibana/issues/203916\n\n---------\n\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"87e2edd5992399a1d239a01839f23b2e9f8dc63a"}},"sourceBranch":"main","suggestedTargetBranches":["8.18"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/214129","number":214129,"state":"OPEN"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/213399","number":213399,"mergeCommit":{"message":"[Security
Solution] [Defend Workflows] Enables skipped tests in 9.0
(#213399)\n\n## Summary\n\nEnables skipped tests in 9.0 and previous
stack versions.\n\ncloses:
https://github.com/elastic/kibana/issues/180401\ncloses:
https://github.com/elastic/kibana/issues/203894\ncloses:
https://github.com/elastic/kibana/issues/205141\ncloses:
https://github.com/elastic/kibana/issues/206204\ncloses:
https://github.com/elastic/kibana/issues/209056\ncloses:
https://github.com/elastic/kibana/issues/209064\ncloses:
https://github.com/elastic/kibana/issues/209063\ncloses:
https://github.com/elastic/kibana/issues/209066\ncloses:
https://github.com/elastic/kibana/issues/209065\n\nThis one will be
tracked in a follow up
pr:\nhttps://github.com/elastic/kibana/issues/203916\n\n---------\n\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"87e2edd5992399a1d239a01839f23b2e9f8dc63a"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/214130","number":214130,"state":"OPEN"}]}]
BACKPORT-->
 2025-03-12 14:31:59 +01:00
jennypavlova
836a2536c1
[8.18] [ObsUX] [APM] [OTel] Runtime metrics show dashboards with different ingest path (#211822) (#213534) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[ObsUX] [APM] [OTel] Runtime metrics show dashboards with different
ingest path (#211822)](https://github.com/elastic/kibana/pull/211822)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)
 2025-03-12 13:29:36 +01:00
Kibana Machine
77735ff5a7
[8.18] [Obs AI Assistant] Ensure semantic query contribute to score (#213870) (#214081) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Obs AI Assistant] Ensure semantic query contribute to score
(#213870)](https://github.com/elastic/kibana/pull/213870)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Søren
Louv-Jansen","email":"soren.louv@elastic.co"},"sourceCommit":{"committedDate":"2025-03-12T09:35:39Z","message":"[Obs
AI Assistant] Ensure semantic query contribute to score
(#213870)\n\nCloses
https://github.com/elastic/kibana/issues/213869\n\nRegression introduced
in 8.17\n(https://github.com/elastic/kibana/pull/200184/)\n\n####
**Fix** \nSemantic queries were incorrectly wrapped in a `filter`
context,\npreventing them from contributing to scoring. This PR removes
the\n`filter` wrapper so that semantic queries run in query context
and\ninfluence ranking.\n\nThis also replaces the `semantic` query with
a `match` query. This is\nnecessary because `fieldCaps` api no longer
returns `semantic_text` when\nfiltering with
`GET\nanimals_kb/_field_caps?fields=*&types=semantic_text`. Instead we
need to\nretrieve text fields and perform the search against all of
them.","sha":"5c5b6ebc8a3356e1e8a665b7b89deb4134103343","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","backport:prev-minor","backport:prev-major","Team:Obs
AI Assistant","v9.1.0"],"title":"[Obs AI Assistant] Ensure semantic
query contribute to
score","number":213870,"url":"https://github.com/elastic/kibana/pull/213870","mergeCommit":{"message":"[Obs
AI Assistant] Ensure semantic query contribute to score
(#213870)\n\nCloses
https://github.com/elastic/kibana/issues/213869\n\nRegression introduced
in 8.17\n(https://github.com/elastic/kibana/pull/200184/)\n\n####
**Fix** \nSemantic queries were incorrectly wrapped in a `filter`
context,\npreventing them from contributing to scoring. This PR removes
the\n`filter` wrapper so that semantic queries run in query context
and\ninfluence ranking.\n\nThis also replaces the `semantic` query with
a `match` query. This is\nnecessary because `fieldCaps` api no longer
returns `semantic_text` when\nfiltering with
`GET\nanimals_kb/_field_caps?fields=*&types=semantic_text`. Instead we
need to\nretrieve text fields and perform the search against all of
them.","sha":"5c5b6ebc8a3356e1e8a665b7b89deb4134103343"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/213870","number":213870,"mergeCommit":{"message":"[Obs
AI Assistant] Ensure semantic query contribute to score
(#213870)\n\nCloses
https://github.com/elastic/kibana/issues/213869\n\nRegression introduced
in 8.17\n(https://github.com/elastic/kibana/pull/200184/)\n\n####
**Fix** \nSemantic queries were incorrectly wrapped in a `filter`
context,\npreventing them from contributing to scoring. This PR removes
the\n`filter` wrapper so that semantic queries run in query context
and\ninfluence ranking.\n\nThis also replaces the `semantic` query with
a `match` query. This is\nnecessary because `fieldCaps` api no longer
returns `semantic_text` when\nfiltering with
`GET\nanimals_kb/_field_caps?fields=*&types=semantic_text`. Instead we
need to\nretrieve text fields and perform the search against all of
them.","sha":"5c5b6ebc8a3356e1e8a665b7b89deb4134103343"}}]}] BACKPORT-->

Co-authored-by: Søren Louv-Jansen <soren.louv@elastic.co>
 2025-03-12 12:27:23 +01:00
Kibana Machine
9df464f0ca
[8.18] [Security Solution] Enable prebuilt rules customization feature flag (#212761) (#214023) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Enable prebuilt rules customization feature flag
(#212761)](https://github.com/elastic/kibana/pull/212761)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Maxim
Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2025-03-11T21:45:49Z","message":"[Security
Solution] Enable prebuilt rules customization feature flag
(#212761)\n\n**Addresses:**
https://github.com/elastic/kibana/issues/180267\n\n## Summary\n\nThis PR
enables `prebuiltRulesCustomizationEnabled` feature flag.\n\n##
Details\n\nBesides simply enabling `prebuiltRulesCustomizationEnabled`
feature flag the following required changes were done\n\n- failed tests
due enabling the FF were fixed\n- FF setting was removed from test
configurations (integrations and Cypress tests)\n- FF logic was removed
from the codebase. Disabling the FF would require roll back test changes
as well. So just in case we have to disable the FF it's simpler to roll
back the PR's
commit.","sha":"f7d4f19096e0711021b8587fb4d0575998d18f3e","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","impact:high","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution] Enable prebuilt rules customization feature
flag","number":212761,"url":"https://github.com/elastic/kibana/pull/212761","mergeCommit":{"message":"[Security
Solution] Enable prebuilt rules customization feature flag
(#212761)\n\n**Addresses:**
https://github.com/elastic/kibana/issues/180267\n\n## Summary\n\nThis PR
enables `prebuiltRulesCustomizationEnabled` feature flag.\n\n##
Details\n\nBesides simply enabling `prebuiltRulesCustomizationEnabled`
feature flag the following required changes were done\n\n- failed tests
due enabling the FF were fixed\n- FF setting was removed from test
configurations (integrations and Cypress tests)\n- FF logic was removed
from the codebase. Disabling the FF would require roll back test changes
as well. So just in case we have to disable the FF it's simpler to roll
back the PR's
commit.","sha":"f7d4f19096e0711021b8587fb4d0575998d18f3e"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212761","number":212761,"mergeCommit":{"message":"[Security
Solution] Enable prebuilt rules customization feature flag
(#212761)\n\n**Addresses:**
https://github.com/elastic/kibana/issues/180267\n\n## Summary\n\nThis PR
enables `prebuiltRulesCustomizationEnabled` feature flag.\n\n##
Details\n\nBesides simply enabling `prebuiltRulesCustomizationEnabled`
feature flag the following required changes were done\n\n- failed tests
due enabling the FF were fixed\n- FF setting was removed from test
configurations (integrations and Cypress tests)\n- FF logic was removed
from the codebase. Disabling the FF would require roll back test changes
as well. So just in case we have to disable the FF it's simpler to roll
back the PR's
commit.","sha":"f7d4f19096e0711021b8587fb4d0575998d18f3e"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
 2025-03-12 00:35:52 +01:00
Maxim Palenov
23b758be56
[8.18] [Security Solution] Disallow merging critical rule field values upon rule upgrade when base version is missing (#213757) (#214001) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Disallow merging critical rule field values upon
rule upgrade when base version is missing
#213757](https://github.com/elastic/kibana/pull/213757)
 2025-03-11 22:26:07 +01:00
Kibana Machine
f8e55ed735
[8.18] [Obs AI Assistant] Make KB retrieval namespace specific (#213505) (#213984) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Obs AI Assistant] Make KB retrieval namespace specific
(#213505)](https://github.com/elastic/kibana/pull/213505)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Viduni
Wickramarachchi","email":"viduni.wickramarachchi@elastic.co"},"sourceCommit":{"committedDate":"2025-03-11T17:44:28Z","message":"[Obs
AI Assistant] Make KB retrieval namespace specific (#213505)\n\nCloses
https://github.com/elastic/kibana/issues/213504\n\n## Summary\n\n###
Problem\n\nKB retrievals are not space specific at present. Therefore,
users are\nable to view entries across spaces.\n\n### Solution\n\nFilter
by `namespace` when retrieving KB entries.\n\n### Checklist\n\n- [x]
[Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"9b1455c7f7beeddd70d2ecefaa58bd6f5ff8cb0e","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","v9.0.0","Team:Obs
AI
Assistant","ci:project-deploy-observability","backport:version","v8.18.0","v9.1.0","v8.19.0","v8.17.4"],"title":"[Obs
AI Assistant] Make KB retrieval namespace specific
","number":213505,"url":"https://github.com/elastic/kibana/pull/213505","mergeCommit":{"message":"[Obs
AI Assistant] Make KB retrieval namespace specific (#213505)\n\nCloses
https://github.com/elastic/kibana/issues/213504\n\n## Summary\n\n###
Problem\n\nKB retrievals are not space specific at present. Therefore,
users are\nable to view entries across spaces.\n\n### Solution\n\nFilter
by `namespace` when retrieving KB entries.\n\n### Checklist\n\n- [x]
[Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"9b1455c7f7beeddd70d2ecefaa58bd6f5ff8cb0e"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x","8.17"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/213505","number":213505,"mergeCommit":{"message":"[Obs
AI Assistant] Make KB retrieval namespace specific (#213505)\n\nCloses
https://github.com/elastic/kibana/issues/213504\n\n## Summary\n\n###
Problem\n\nKB retrievals are not space specific at present. Therefore,
users are\nable to view entries across spaces.\n\n### Solution\n\nFilter
by `namespace` when retrieving KB entries.\n\n### Checklist\n\n- [x]
[Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"9b1455c7f7beeddd70d2ecefaa58bd6f5ff8cb0e"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Viduni Wickramarachchi <viduni.wickramarachchi@elastic.co>
 2025-03-11 20:37:53 +01:00
Matthew Kime
c2705a4d1f
[8.18] [data views] data views + rollup index referenced by alias (#212592) (#213857) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[data views] data views + rollup index referenced by alias
(#212592)](https://github.com/elastic/kibana/pull/212592)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Matthew
Kime","email":"matt@mattki.me"},"sourceCommit":{"committedDate":"2025-03-11T01:16:04Z","message":"[data
views] data views + rollup index referenced by alias (#212592)\n\n##
Summary\n\nUpgrading to 9.x involves reindexing indices created in 7.x,
which does\ninclude rollup indices. Reindexing means relying on aliases
to preserve\nexisting index names. As it turns out, our existing code
did not work\nwith rollups that referenced aliases, rather than indices.
This is\nbecause the index name is used as an object key even if it was
retrieved\nvia alias.\n\n\nNote - I need to verify this on 9.0 from
scratch. I used upgraded data\nand need to verify the steps to make this
work when testing.\n\nTo test\n1. Add sample data\n2. Create a rollup
job that references the sample data. \n3. Create a data view that
references the rollup index. It may take a\nfew minutes for the rollup
index to be populated.\n4. Create an alias from the dev console, like
such - \n\n```\nPOST _aliases\n{\n \"actions\": [\n {\n \"add\": {\n
\"index\": \"rollup\",\n \"alias\": \"my-alias\"\n }\n }\n ]\n}\n```
\n5. Create a rollup data view based in the alias you just
created.\n\nPart of
https://github.com/elastic/kibana/issues/211850\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"5b6dbf2b2711c94cb32a39e6487f95abd128433c","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Feature:Data
Views","Team:Kibana
Management","Feature:Rollups","backport:prev-minor","v9.1.0"],"title":"[data
views] data views + rollup index referenced by
alias","number":212592,"url":"https://github.com/elastic/kibana/pull/212592","mergeCommit":{"message":"[data
views] data views + rollup index referenced by alias (#212592)\n\n##
Summary\n\nUpgrading to 9.x involves reindexing indices created in 7.x,
which does\ninclude rollup indices. Reindexing means relying on aliases
to preserve\nexisting index names. As it turns out, our existing code
did not work\nwith rollups that referenced aliases, rather than indices.
This is\nbecause the index name is used as an object key even if it was
retrieved\nvia alias.\n\n\nNote - I need to verify this on 9.0 from
scratch. I used upgraded data\nand need to verify the steps to make this
work when testing.\n\nTo test\n1. Add sample data\n2. Create a rollup
job that references the sample data. \n3. Create a data view that
references the rollup index. It may take a\nfew minutes for the rollup
index to be populated.\n4. Create an alias from the dev console, like
such - \n\n```\nPOST _aliases\n{\n \"actions\": [\n {\n \"add\": {\n
\"index\": \"rollup\",\n \"alias\": \"my-alias\"\n }\n }\n ]\n}\n```
\n5. Create a rollup data view based in the alias you just
created.\n\nPart of
https://github.com/elastic/kibana/issues/211850\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"5b6dbf2b2711c94cb32a39e6487f95abd128433c"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212592","number":212592,"mergeCommit":{"message":"[data
views] data views + rollup index referenced by alias (#212592)\n\n##
Summary\n\nUpgrading to 9.x involves reindexing indices created in 7.x,
which does\ninclude rollup indices. Reindexing means relying on aliases
to preserve\nexisting index names. As it turns out, our existing code
did not work\nwith rollups that referenced aliases, rather than indices.
This is\nbecause the index name is used as an object key even if it was
retrieved\nvia alias.\n\n\nNote - I need to verify this on 9.0 from
scratch. I used upgraded data\nand need to verify the steps to make this
work when testing.\n\nTo test\n1. Add sample data\n2. Create a rollup
job that references the sample data. \n3. Create a data view that
references the rollup index. It may take a\nfew minutes for the rollup
index to be populated.\n4. Create an alias from the dev console, like
such - \n\n```\nPOST _aliases\n{\n \"actions\": [\n {\n \"add\": {\n
\"index\": \"rollup\",\n \"alias\": \"my-alias\"\n }\n }\n ]\n}\n```
\n5. Create a rollup data view based in the alias you just
created.\n\nPart of
https://github.com/elastic/kibana/issues/211850\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"5b6dbf2b2711c94cb32a39e6487f95abd128433c"}},{"url":"https://github.com/elastic/kibana/pull/213852","number":213852,"branch":"9.0","state":"OPEN"}]}]
BACKPORT-->
 2025-03-11 09:12:42 -07:00
Kibana Machine
92d3a3fa76
[8.18] Use search after for finding gaps (#211040) (#213528) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [Use search after for finding gaps
(#211040)](https://github.com/elastic/kibana/pull/211040)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Khristinin
Nikita","email":"nikita.khristinin@elastic.co"},"sourceCommit":{"committedDate":"2025-03-07T09:23:37Z","message":"Use
search after for finding gaps (#211040)\n\n## Use search after for
finding gaps\n\nIssue:
https://github.com/elastic/security-team/issues/11860\n\nTo be able
process more than 10.000 gaps per rule in one update cycle we\nneed to
implement search after loop for all gaps.\n\nFor the API I keep from and
size method, as it's much for client to use.\n\n<img width=\"1250\"
alt=\"Screenshot 2025-02-17 at 15 25
27\"\nsrc=\"https://github.com/user-attachments/assets/806b2245-8aad-4960-84f4-d2a2818a4a12\"\n/>\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"b0ad5424b28f2667f05c7d2ac5560adc4d62af28","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport:prev-minor","backport:version","v8.18.0","v9.1.0"],"title":"Use
search after for finding
gaps","number":211040,"url":"https://github.com/elastic/kibana/pull/211040","mergeCommit":{"message":"Use
search after for finding gaps (#211040)\n\n## Use search after for
finding gaps\n\nIssue:
https://github.com/elastic/security-team/issues/11860\n\nTo be able
process more than 10.000 gaps per rule in one update cycle we\nneed to
implement search after loop for all gaps.\n\nFor the API I keep from and
size method, as it's much for client to use.\n\n<img width=\"1250\"
alt=\"Screenshot 2025-02-17 at 15 25
27\"\nsrc=\"https://github.com/user-attachments/assets/806b2245-8aad-4960-84f4-d2a2818a4a12\"\n/>\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"b0ad5424b28f2667f05c7d2ac5560adc4d62af28"}},"sourceBranch":"main","suggestedTargetBranches":["8.18"],"targetPullRequestStates":[{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211040","number":211040,"mergeCommit":{"message":"Use
search after for finding gaps (#211040)\n\n## Use search after for
finding gaps\n\nIssue:
https://github.com/elastic/security-team/issues/11860\n\nTo be able
process more than 10.000 gaps per rule in one update cycle we\nneed to
implement search after loop for all gaps.\n\nFor the API I keep from and
size method, as it's much for client to use.\n\n<img width=\"1250\"
alt=\"Screenshot 2025-02-17 at 15 25
27\"\nsrc=\"https://github.com/user-attachments/assets/806b2245-8aad-4960-84f4-d2a2818a4a12\"\n/>\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"b0ad5424b28f2667f05c7d2ac5560adc4d62af28"}}]}]
BACKPORT-->

---------

Co-authored-by: Khristinin Nikita <nikita.khristinin@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Nikita Khristinin <nkhristinin@gmail.com>
 2025-03-11 13:59:35 +01:00
Cauê Marcondes
74e4ea6c2e
[8.18] [APM] Breakdown Top dependencies API (#211441) (#213791) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[APM] Breakdown Top dependencies API
(#211441)](https://github.com/elastic/kibana/pull/211441)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Cauê
Marcondes","email":"55978943+cauemarcondes@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-03-10T16:24:37Z","message":"[APM]
Breakdown Top dependencies API (#211441)\n\ncloses
https://github.com/elastic/kibana/issues/210552\n\nBefore:\n- Top
dependencies API returned baseline and comparison timeseries
data.\n\n<img width=\"1208\" alt=\"Screenshot 2025-02-14 at 14 27
28\"\nsrc=\"https://github.com/user-attachments/assets/f7770395-0575-4950-9acd-8808de5794b7\"\n/>\n\n\nAfter:\n-
Removing timeseries and comparison data.\n- The API is ~2s faster than
before.\n- Response size is also smaller after removing the timeseries
data.\n\n<img width=\"1203\" alt=\"Screenshot 2025-02-14 at 14 26
34\"\nsrc=\"https://github.com/user-attachments/assets/5bd2ed09-1d2e-4ef1-8e55-6c3e9fba6348\"\n/>\n\nCreated
a new API:
`POST\n/internal/apm/dependencies/top_dependencies/statistics` to fetch
the\nstatistics for the visible
dependencies.\n\n---------\n\nCo-authored-by: Carlos Crespo
<crespocarlos@users.noreply.github.com>\nCo-authored-by: Milosz
Marcinkowski
<38698566+miloszmarcinkowski@users.noreply.github.com>","sha":"a6fd5b7e101b7e0d13b15220a247d4a29e5c0405","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","backport:prev-minor","backport:prev-major","Team:obs-ux-infra_services","v9.1.0"],"title":"[APM]
Breakdown Top dependencies
API","number":211441,"url":"https://github.com/elastic/kibana/pull/211441","mergeCommit":{"message":"[APM]
Breakdown Top dependencies API (#211441)\n\ncloses
https://github.com/elastic/kibana/issues/210552\n\nBefore:\n- Top
dependencies API returned baseline and comparison timeseries
data.\n\n<img width=\"1208\" alt=\"Screenshot 2025-02-14 at 14 27
28\"\nsrc=\"https://github.com/user-attachments/assets/f7770395-0575-4950-9acd-8808de5794b7\"\n/>\n\n\nAfter:\n-
Removing timeseries and comparison data.\n- The API is ~2s faster than
before.\n- Response size is also smaller after removing the timeseries
data.\n\n<img width=\"1203\" alt=\"Screenshot 2025-02-14 at 14 26
34\"\nsrc=\"https://github.com/user-attachments/assets/5bd2ed09-1d2e-4ef1-8e55-6c3e9fba6348\"\n/>\n\nCreated
a new API:
`POST\n/internal/apm/dependencies/top_dependencies/statistics` to fetch
the\nstatistics for the visible
dependencies.\n\n---------\n\nCo-authored-by: Carlos Crespo
<crespocarlos@users.noreply.github.com>\nCo-authored-by: Milosz
Marcinkowski
<38698566+miloszmarcinkowski@users.noreply.github.com>","sha":"a6fd5b7e101b7e0d13b15220a247d4a29e5c0405"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211441","number":211441,"mergeCommit":{"message":"[APM]
Breakdown Top dependencies API (#211441)\n\ncloses
https://github.com/elastic/kibana/issues/210552\n\nBefore:\n- Top
dependencies API returned baseline and comparison timeseries
data.\n\n<img width=\"1208\" alt=\"Screenshot 2025-02-14 at 14 27
28\"\nsrc=\"https://github.com/user-attachments/assets/f7770395-0575-4950-9acd-8808de5794b7\"\n/>\n\n\nAfter:\n-
Removing timeseries and comparison data.\n- The API is ~2s faster than
before.\n- Response size is also smaller after removing the timeseries
data.\n\n<img width=\"1203\" alt=\"Screenshot 2025-02-14 at 14 26
34\"\nsrc=\"https://github.com/user-attachments/assets/5bd2ed09-1d2e-4ef1-8e55-6c3e9fba6348\"\n/>\n\nCreated
a new API:
`POST\n/internal/apm/dependencies/top_dependencies/statistics` to fetch
the\nstatistics for the visible
dependencies.\n\n---------\n\nCo-authored-by: Carlos Crespo
<crespocarlos@users.noreply.github.com>\nCo-authored-by: Milosz
Marcinkowski
<38698566+miloszmarcinkowski@users.noreply.github.com>","sha":"a6fd5b7e101b7e0d13b15220a247d4a29e5c0405"}}]}]
BACKPORT-->

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2025-03-11 13:29:39 +01:00
Kibana Machine
6bd8542e02
[8.18] [APM] Fix service maps when root transaction has a parent.id (#212998) (#213764) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[APM] Fix service maps when root transaction has a parent.id
(#212998)](https://github.com/elastic/kibana/pull/212998)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Carlos
Crespo","email":"crespocarlos@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-03-10T14:57:54Z","message":"[APM]
Fix service maps when root transaction has a parent.id
(#212998)\n\nfixes
[212931](https://github.com/elastic/kibana/issues/212931)\n\n##
Summary\n\n>[!WARNING]\n> This can only be merged
after\nhttps://github.com/elastic/elasticsearch-serverless/pull/3579.
Service\nmap tests running against serverless will fail until the
aforementioned\nPR gets merged and deployed. It should happen
Thursday/Friday next week\n(13/14 Feb)\n\nFixes a bug on the service map
causing it not to build the paths when\nthe root transaction of the
trace had a `parent.id`\n\nGlobal service map\n| Before | After
|\n|--------|------|\n|<img width=\"599\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/cce72dea-822b-46e2-938c-65ec3f4600da\"\n/>|<img
width=\"599\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/68b344fb-2e75-46b8-9401-9fce08bfb860\"\n/>|\n\n\n`Ad`
service map\n\n| Before | After |\n|--------|------|\n|<img
width=\"1469\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/e960a390-4a38-43d5-9445-853ced34bb15\"\n/>|<img
width=\"1459\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/566e3cf0-3805-4bf2-a511-fffed3480332\"\n/>|\n\n\n###
How to test\n- Connect to an `edge-obl` cluster\n- Navigate the
Application > Services inventory > Service Map\n- Inspect the service
map of the `Ad` service\n\n---------\n\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"4a67b8b3af26ea8d7f5c97e6933437122873599f","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","backport:prev-minor","backport:prev-major","Team:obs-ux-infra_services","v9.1.0"],"title":"[APM]
Fix service maps when root transaction has a
parent.id","number":212998,"url":"https://github.com/elastic/kibana/pull/212998","mergeCommit":{"message":"[APM]
Fix service maps when root transaction has a parent.id
(#212998)\n\nfixes
[212931](https://github.com/elastic/kibana/issues/212931)\n\n##
Summary\n\n>[!WARNING]\n> This can only be merged
after\nhttps://github.com/elastic/elasticsearch-serverless/pull/3579.
Service\nmap tests running against serverless will fail until the
aforementioned\nPR gets merged and deployed. It should happen
Thursday/Friday next week\n(13/14 Feb)\n\nFixes a bug on the service map
causing it not to build the paths when\nthe root transaction of the
trace had a `parent.id`\n\nGlobal service map\n| Before | After
|\n|--------|------|\n|<img width=\"599\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/cce72dea-822b-46e2-938c-65ec3f4600da\"\n/>|<img
width=\"599\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/68b344fb-2e75-46b8-9401-9fce08bfb860\"\n/>|\n\n\n`Ad`
service map\n\n| Before | After |\n|--------|------|\n|<img
width=\"1469\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/e960a390-4a38-43d5-9445-853ced34bb15\"\n/>|<img
width=\"1459\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/566e3cf0-3805-4bf2-a511-fffed3480332\"\n/>|\n\n\n###
How to test\n- Connect to an `edge-obl` cluster\n- Navigate the
Application > Services inventory > Service Map\n- Inspect the service
map of the `Ad` service\n\n---------\n\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"4a67b8b3af26ea8d7f5c97e6933437122873599f"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212998","number":212998,"mergeCommit":{"message":"[APM]
Fix service maps when root transaction has a parent.id
(#212998)\n\nfixes
[212931](https://github.com/elastic/kibana/issues/212931)\n\n##
Summary\n\n>[!WARNING]\n> This can only be merged
after\nhttps://github.com/elastic/elasticsearch-serverless/pull/3579.
Service\nmap tests running against serverless will fail until the
aforementioned\nPR gets merged and deployed. It should happen
Thursday/Friday next week\n(13/14 Feb)\n\nFixes a bug on the service map
causing it not to build the paths when\nthe root transaction of the
trace had a `parent.id`\n\nGlobal service map\n| Before | After
|\n|--------|------|\n|<img width=\"599\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/cce72dea-822b-46e2-938c-65ec3f4600da\"\n/>|<img
width=\"599\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/68b344fb-2e75-46b8-9401-9fce08bfb860\"\n/>|\n\n\n`Ad`
service map\n\n| Before | After |\n|--------|------|\n|<img
width=\"1469\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/e960a390-4a38-43d5-9445-853ced34bb15\"\n/>|<img
width=\"1459\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/566e3cf0-3805-4bf2-a511-fffed3480332\"\n/>|\n\n\n###
How to test\n- Connect to an `edge-obl` cluster\n- Navigate the
Application > Services inventory > Service Map\n- Inspect the service
map of the `Ad` service\n\n---------\n\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"4a67b8b3af26ea8d7f5c97e6933437122873599f"}}]}]
BACKPORT-->

Co-authored-by: Carlos Crespo <crespocarlos@users.noreply.github.com>
 2025-03-10 18:00:56 +01:00
Kibana Machine
dea50bff23
[8.18] [Security Assistant] Fix use default inference endpoint (#212191) (#213182) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Assistant] Fix use default inference endpoint
(#212191)](https://github.com/elastic/kibana/pull/212191)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Patryk
Kopyciński","email":"contact@patrykkopycinski.com"},"sourceCommit":{"committedDate":"2025-03-05T01:14:08Z","message":"[Security
Assistant] Fix use default inference endpoint (#212191)\n\n##
Summary\n\nRemoves internal feature flag responsible for switching to
Kibana's\ninternal inference endpoint instead of using a dedicated
one.\n\nHow to test:\n\n**Clean cluster:**\n**1. Setup KB**\n**2. Make
sure the `.kibana-elastic-ai-assistant-knowledge-base-*` Data\nStream is
using default Inference
endpoint**\n```\nhttp://localhost:5601/app/management/data/index_management/component_templates/.kibana-elastic-ai-assistant-component-template-knowledge-base\n```\n<img
width=\"1656\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/84fda205-6272-4393-8f7d-a449fae2a090\"\n/>\n\n<img
width=\"1086\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/19e562ec-da5f-4ec2-ab64-7bfb1d64789c\"\n/>\n\n**3.
Make sure there is no inference endpoint on the list**\n<img
width=\"1875\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/3465df8b-7c0d-4faf-b113-df897694521e\"\n/>\n\n**4.
Make sure Security Labs content exists on KB list and you can add\nand
edit Document/Index
entry\n```\nhttp://localhost:5601/app/management/kibana/securityAiAssistantManagement?tab=knowledge_base\n```\n\nMigration:\n**1.
Setup KB on at least 2 Kibana spaces on `main` branch**\n**2. Switch to
this PR's branch and start Kibana**\n**3. Make sure there is no
inference endpoint on the
list**\n```\nhttp://localhost:5601/app/elasticsearch/relevance/inference_endpoints\n```\n<img
width=\"1875\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/3465df8b-7c0d-4faf-b113-df897694521e\"\n/>\n\n**4.
Make sure that the Data stream was rolled
over**\n```\nhttp://localhost:5601/app/management/data/index_management/indices?filter=know&includeHiddenIndices=true\n```\nShould
see two indices per Kibana space:\n<img width=\"1741\" alt=\"Zrzut
ekranu 2025-03-3 o 15 37
55\"\nsrc=\"https://github.com/user-attachments/assets/e6da48c8-59e9-43b8-8eac-c2b5e0059954\"\n/>\n\nThe
older index per space should have mapping:\n<img width=\"1083\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/01f6e422-77d1-4f8b-8b7e-9c541a7ea47c\"\n/>\n\nNewer
index per space:\n<img width=\"1086\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/19e562ec-da5f-4ec2-ab64-7bfb1d64789c\"\n/>\n\n**4.
Make sure Security Labs content exists on KB list and you can add\nand
edit Document/Index
entry\n```\nhttp://localhost:5601/app/management/kibana/securityAiAssistantManagement?tab=knowledge_base\n```\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"5e742f042559eee067f71adeb1f1523b2197f3b3","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","v9.0.0","ci:cloud-deploy","Feature:Security
Assistant","ci:project-deploy-security","Team:Security Generative
AI","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Assistant] Fix use default inference
endpoint","number":212191,"url":"https://github.com/elastic/kibana/pull/212191","mergeCommit":{"message":"[Security
Assistant] Fix use default inference endpoint (#212191)\n\n##
Summary\n\nRemoves internal feature flag responsible for switching to
Kibana's\ninternal inference endpoint instead of using a dedicated
one.\n\nHow to test:\n\n**Clean cluster:**\n**1. Setup KB**\n**2. Make
sure the `.kibana-elastic-ai-assistant-knowledge-base-*` Data\nStream is
using default Inference
endpoint**\n```\nhttp://localhost:5601/app/management/data/index_management/component_templates/.kibana-elastic-ai-assistant-component-template-knowledge-base\n```\n<img
width=\"1656\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/84fda205-6272-4393-8f7d-a449fae2a090\"\n/>\n\n<img
width=\"1086\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/19e562ec-da5f-4ec2-ab64-7bfb1d64789c\"\n/>\n\n**3.
Make sure there is no inference endpoint on the list**\n<img
width=\"1875\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/3465df8b-7c0d-4faf-b113-df897694521e\"\n/>\n\n**4.
Make sure Security Labs content exists on KB list and you can add\nand
edit Document/Index
entry\n```\nhttp://localhost:5601/app/management/kibana/securityAiAssistantManagement?tab=knowledge_base\n```\n\nMigration:\n**1.
Setup KB on at least 2 Kibana spaces on `main` branch**\n**2. Switch to
this PR's branch and start Kibana**\n**3. Make sure there is no
inference endpoint on the
list**\n```\nhttp://localhost:5601/app/elasticsearch/relevance/inference_endpoints\n```\n<img
width=\"1875\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/3465df8b-7c0d-4faf-b113-df897694521e\"\n/>\n\n**4.
Make sure that the Data stream was rolled
over**\n```\nhttp://localhost:5601/app/management/data/index_management/indices?filter=know&includeHiddenIndices=true\n```\nShould
see two indices per Kibana space:\n<img width=\"1741\" alt=\"Zrzut
ekranu 2025-03-3 o 15 37
55\"\nsrc=\"https://github.com/user-attachments/assets/e6da48c8-59e9-43b8-8eac-c2b5e0059954\"\n/>\n\nThe
older index per space should have mapping:\n<img width=\"1083\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/01f6e422-77d1-4f8b-8b7e-9c541a7ea47c\"\n/>\n\nNewer
index per space:\n<img width=\"1086\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/19e562ec-da5f-4ec2-ab64-7bfb1d64789c\"\n/>\n\n**4.
Make sure Security Labs content exists on KB list and you can add\nand
edit Document/Index
entry\n```\nhttp://localhost:5601/app/management/kibana/securityAiAssistantManagement?tab=knowledge_base\n```\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"5e742f042559eee067f71adeb1f1523b2197f3b3"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212191","number":212191,"mergeCommit":{"message":"[Security
Assistant] Fix use default inference endpoint (#212191)\n\n##
Summary\n\nRemoves internal feature flag responsible for switching to
Kibana's\ninternal inference endpoint instead of using a dedicated
one.\n\nHow to test:\n\n**Clean cluster:**\n**1. Setup KB**\n**2. Make
sure the `.kibana-elastic-ai-assistant-knowledge-base-*` Data\nStream is
using default Inference
endpoint**\n```\nhttp://localhost:5601/app/management/data/index_management/component_templates/.kibana-elastic-ai-assistant-component-template-knowledge-base\n```\n<img
width=\"1656\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/84fda205-6272-4393-8f7d-a449fae2a090\"\n/>\n\n<img
width=\"1086\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/19e562ec-da5f-4ec2-ab64-7bfb1d64789c\"\n/>\n\n**3.
Make sure there is no inference endpoint on the list**\n<img
width=\"1875\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/3465df8b-7c0d-4faf-b113-df897694521e\"\n/>\n\n**4.
Make sure Security Labs content exists on KB list and you can add\nand
edit Document/Index
entry\n```\nhttp://localhost:5601/app/management/kibana/securityAiAssistantManagement?tab=knowledge_base\n```\n\nMigration:\n**1.
Setup KB on at least 2 Kibana spaces on `main` branch**\n**2. Switch to
this PR's branch and start Kibana**\n**3. Make sure there is no
inference endpoint on the
list**\n```\nhttp://localhost:5601/app/elasticsearch/relevance/inference_endpoints\n```\n<img
width=\"1875\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/3465df8b-7c0d-4faf-b113-df897694521e\"\n/>\n\n**4.
Make sure that the Data stream was rolled
over**\n```\nhttp://localhost:5601/app/management/data/index_management/indices?filter=know&includeHiddenIndices=true\n```\nShould
see two indices per Kibana space:\n<img width=\"1741\" alt=\"Zrzut
ekranu 2025-03-3 o 15 37
55\"\nsrc=\"https://github.com/user-attachments/assets/e6da48c8-59e9-43b8-8eac-c2b5e0059954\"\n/>\n\nThe
older index per space should have mapping:\n<img width=\"1083\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/01f6e422-77d1-4f8b-8b7e-9c541a7ea47c\"\n/>\n\nNewer
index per space:\n<img width=\"1086\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/19e562ec-da5f-4ec2-ab64-7bfb1d64789c\"\n/>\n\n**4.
Make sure Security Labs content exists on KB list and you can add\nand
edit Document/Index
entry\n```\nhttp://localhost:5601/app/management/kibana/securityAiAssistantManagement?tab=knowledge_base\n```\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"5e742f042559eee067f71adeb1f1523b2197f3b3"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

---------

Co-authored-by: Patryk Kopyciński <contact@patrykkopycinski.com>
Co-authored-by: Patryk Kopycinski <patryk.kopycinski@elastic.co>
 2025-03-08 19:31:04 +01:00
Kibana Machine
3023b46d31 skip failing test suite (#208749) 2025-03-08 04:21:48 +11:00
Kibana Machine
fbcc7e368e skip failing test suite (#207045) 2025-03-08 03:57:58 +11:00
Michael Olorunnisola
78622a6521
[8.18] [Bug][Security Solution] - Reliably persist dataview selections for timeline (#211343) (#213490) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Bug][Security Solution] - Reliably persist dataview selections for
timeline (#211343)](https://github.com/elastic/kibana/pull/211343)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Michael
Olorunnisola","email":"michael.olorunnisola@elastic.co"},"sourceCommit":{"committedDate":"2025-03-06T21:09:22Z","message":"[Bug][Security
Solution] - Reliably persist dataview selections for timeline
(#211343)\n\nresolves
https://github.com/elastic/kibana/issues/198944\n\n##
Summary\n\nCurrently, the redux store can become out of sync with the
state in the\nUI, leading to the selected dataview not being preserved
in the store,\nand thereby not being saved when the timeline is saved.
This PR sets the\nselected dataview and patterns at the point of saving
to ensure that\nthey are set and not overriden.\n\nFor additional
background, see referenced
issues.","sha":"4abf1a151e9b10a02a633a5f9e88607a55e3f4ba","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","v9.0.0","Team:Threat
Hunting:Investigations","backport:version","v8.18.0","v9.1.0","v8.19.0","v8.16.6","v8.17.4"],"title":"[Bug][Security
Solution] - Reliably persist dataview selections for
timeline","number":211343,"url":"https://github.com/elastic/kibana/pull/211343","mergeCommit":{"message":"[Bug][Security
Solution] - Reliably persist dataview selections for timeline
(#211343)\n\nresolves
https://github.com/elastic/kibana/issues/198944\n\n##
Summary\n\nCurrently, the redux store can become out of sync with the
state in the\nUI, leading to the selected dataview not being preserved
in the store,\nand thereby not being saved when the timeline is saved.
This PR sets the\nselected dataview and patterns at the point of saving
to ensure that\nthey are set and not overriden.\n\nFor additional
background, see referenced
issues.","sha":"4abf1a151e9b10a02a633a5f9e88607a55e3f4ba"}},"sourceBranch":"main","suggestedTargetBranches":["8.18","8.x","8.16","8.17"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/213488","number":213488,"state":"OPEN"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211343","number":211343,"mergeCommit":{"message":"[Bug][Security
Solution] - Reliably persist dataview selections for timeline
(#211343)\n\nresolves
https://github.com/elastic/kibana/issues/198944\n\n##
Summary\n\nCurrently, the redux store can become out of sync with the
state in the\nUI, leading to the selected dataview not being preserved
in the store,\nand thereby not being saved when the timeline is saved.
This PR sets the\nselected dataview and patterns at the point of saving
to ensure that\nthey are set and not overriden.\n\nFor additional
background, see referenced
issues.","sha":"4abf1a151e9b10a02a633a5f9e88607a55e3f4ba"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.16","label":"v8.16.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
 2025-03-07 08:21:54 +01:00
Kibana Machine
6d4f56c2d9
[8.18] [Security Solution] Account for missing base rule versions in is_customized calculation (#213250) (#213460) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Account for missing base rule versions in
is_customized calculation
(#213250)](https://github.com/elastic/kibana/pull/213250)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Dmitrii
Shevchenko","email":"dmitrii.shevchenko@elastic.co"},"sourceCommit":{"committedDate":"2025-03-06T18:22:17Z","message":"[Security
Solution] Account for missing base rule versions in is_customized
calculation (#213250)\n\n**Partially addresses:
https://github.com/elastic/kibana/issues/210358**\n\n## Summary\n\n###
Editing of prebuilt rules with missing base versions\n\n**When the base
version** of a currently installed prebuilt rule **is missing** among
the `security-rule` asset saved objects, and the user edits this
rule:\n\n- We should mark the rule as customized, only if the new rule
settings are different from the current rule settings.\n - For example,
adding a new tag should mark the rule as customized. Then, if the user
removes this tag, the rule should remain to be marked as customized.
This matches the current behavior.\n - However, if the user saves the
rule without making any changes to it, it should keep its
`is_customized` field as is. This is different from the current
behavior.\n\n### Importing of prebuilt rules with missing base
versions\n\n**When the base version** of a prebuilt rule that is being
imported **is missing** among the `security-rule` asset saved objects,
and the user imports this rule:\n\n- If this rule is not installed, it
should be created with `is_customized` field set to `false`.\n- If this
rule is already installed, it should be updated.\n - Its `is_customized`
field should be set to `true` if the rule from the import payload is not
equal to the installed rule.\n - Its `is_customized` field should be be
kept unchanged (`false` or `true`) if the rule from the import payload
is equal to the installed
rule.","sha":"87e7cd94d1d649596dc0f23bf4cf730704fb4845","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution] Account for missing base rule versions in is_customized
calculation","number":213250,"url":"https://github.com/elastic/kibana/pull/213250","mergeCommit":{"message":"[Security
Solution] Account for missing base rule versions in is_customized
calculation (#213250)\n\n**Partially addresses:
https://github.com/elastic/kibana/issues/210358**\n\n## Summary\n\n###
Editing of prebuilt rules with missing base versions\n\n**When the base
version** of a currently installed prebuilt rule **is missing** among
the `security-rule` asset saved objects, and the user edits this
rule:\n\n- We should mark the rule as customized, only if the new rule
settings are different from the current rule settings.\n - For example,
adding a new tag should mark the rule as customized. Then, if the user
removes this tag, the rule should remain to be marked as customized.
This matches the current behavior.\n - However, if the user saves the
rule without making any changes to it, it should keep its
`is_customized` field as is. This is different from the current
behavior.\n\n### Importing of prebuilt rules with missing base
versions\n\n**When the base version** of a prebuilt rule that is being
imported **is missing** among the `security-rule` asset saved objects,
and the user imports this rule:\n\n- If this rule is not installed, it
should be created with `is_customized` field set to `false`.\n- If this
rule is already installed, it should be updated.\n - Its `is_customized`
field should be set to `true` if the rule from the import payload is not
equal to the installed rule.\n - Its `is_customized` field should be be
kept unchanged (`false` or `true`) if the rule from the import payload
is equal to the installed
rule.","sha":"87e7cd94d1d649596dc0f23bf4cf730704fb4845"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/213250","number":213250,"mergeCommit":{"message":"[Security
Solution] Account for missing base rule versions in is_customized
calculation (#213250)\n\n**Partially addresses:
https://github.com/elastic/kibana/issues/210358**\n\n## Summary\n\n###
Editing of prebuilt rules with missing base versions\n\n**When the base
version** of a currently installed prebuilt rule **is missing** among
the `security-rule` asset saved objects, and the user edits this
rule:\n\n- We should mark the rule as customized, only if the new rule
settings are different from the current rule settings.\n - For example,
adding a new tag should mark the rule as customized. Then, if the user
removes this tag, the rule should remain to be marked as customized.
This matches the current behavior.\n - However, if the user saves the
rule without making any changes to it, it should keep its
`is_customized` field as is. This is different from the current
behavior.\n\n### Importing of prebuilt rules with missing base
versions\n\n**When the base version** of a prebuilt rule that is being
imported **is missing** among the `security-rule` asset saved objects,
and the user imports this rule:\n\n- If this rule is not installed, it
should be created with `is_customized` field set to `false`.\n- If this
rule is already installed, it should be updated.\n - Its `is_customized`
field should be set to `true` if the rule from the import payload is not
equal to the installed rule.\n - Its `is_customized` field should be be
kept unchanged (`false` or `true`) if the rule from the import payload
is equal to the installed
rule.","sha":"87e7cd94d1d649596dc0f23bf4cf730704fb4845"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Dmitrii Shevchenko <dmitrii.shevchenko@elastic.co>
 2025-03-06 21:27:22 +01:00
Kibana Machine
b38b24112b
[8.18] [Security Solution] Allow prebuilt rules import and export (#212509) (#213419) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Allow prebuilt rules import and export
(#212509)](https://github.com/elastic/kibana/pull/212509)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Nikita
Indik","email":"nikita.indik@elastic.co"},"sourceCommit":{"committedDate":"2025-03-06T15:58:33Z","message":"[Security
Solution] Allow prebuilt rules import and export
(#212509)\n\n**Resolves:
https://github.com/elastic/security-team/issues/11502**\n(internal)\n\nThis
PR implements following changes and adds API integration tests
for\nthem:\n- [x] Users with any license can export prebuilt rules (with
enabled\nfeature flag)\n- [x] Users with Basic/Essentials license can
import prebuilt rules only\nif they are non-customized and the feature
flag is enabled\n- [x] Users with Enterprise/Complete license can import
prebuilt rules\nwithout restrictions\n\nFlaky test runner (had to create
4 separate runs to test all
configs):\n-\n[1](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7987)\n-\n[2](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7986)\n-\n[3](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7988)\n-\n[4](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7989)","sha":"ebe90e5c80e1dbe34d96ccd8a1e8e34d032affa4","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection Rules","Feature:Rule
Import/Export","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution] Allow prebuilt rules import and
export","number":212509,"url":"https://github.com/elastic/kibana/pull/212509","mergeCommit":{"message":"[Security
Solution] Allow prebuilt rules import and export
(#212509)\n\n**Resolves:
https://github.com/elastic/security-team/issues/11502**\n(internal)\n\nThis
PR implements following changes and adds API integration tests
for\nthem:\n- [x] Users with any license can export prebuilt rules (with
enabled\nfeature flag)\n- [x] Users with Basic/Essentials license can
import prebuilt rules only\nif they are non-customized and the feature
flag is enabled\n- [x] Users with Enterprise/Complete license can import
prebuilt rules\nwithout restrictions\n\nFlaky test runner (had to create
4 separate runs to test all
configs):\n-\n[1](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7987)\n-\n[2](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7986)\n-\n[3](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7988)\n-\n[4](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7989)","sha":"ebe90e5c80e1dbe34d96ccd8a1e8e34d032affa4"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212509","number":212509,"mergeCommit":{"message":"[Security
Solution] Allow prebuilt rules import and export
(#212509)\n\n**Resolves:
https://github.com/elastic/security-team/issues/11502**\n(internal)\n\nThis
PR implements following changes and adds API integration tests
for\nthem:\n- [x] Users with any license can export prebuilt rules (with
enabled\nfeature flag)\n- [x] Users with Basic/Essentials license can
import prebuilt rules only\nif they are non-customized and the feature
flag is enabled\n- [x] Users with Enterprise/Complete license can import
prebuilt rules\nwithout restrictions\n\nFlaky test runner (had to create
4 separate runs to test all
configs):\n-\n[1](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7987)\n-\n[2](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7986)\n-\n[3](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7988)\n-\n[4](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7989)","sha":"ebe90e5c80e1dbe34d96ccd8a1e8e34d032affa4"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Nikita Indik <nikita.indik@elastic.co>
 2025-03-06 18:53:47 +01:00
Kibana Machine
4ecc213db9
[8.18] [Siem Migrations] GET /integrations integration Test (#213251) (#213356) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Siem Migrations] `GET /integrations` integration Test
(#213251)](https://github.com/elastic/kibana/pull/213251)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Jatin
Kathuria","email":"jatin.kathuria@elastic.co"},"sourceCommit":{"committedDate":"2025-03-06T11:19:28Z","message":"[Siem
Migrations] `GET /integrations` integration Test (#213251)\n\n##
Summary\n\nAdds a smoke test for `GET /integrations`
endpoint.\n\nHandles\n\n-
https://github.com/elastic/security-team/issues/11232","sha":"60a9ac4f45b042884268387e5c34288e175057db","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat
Hunting","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Siem
Migrations] `GET /integrations` integration
Test","number":213251,"url":"https://github.com/elastic/kibana/pull/213251","mergeCommit":{"message":"[Siem
Migrations] `GET /integrations` integration Test (#213251)\n\n##
Summary\n\nAdds a smoke test for `GET /integrations`
endpoint.\n\nHandles\n\n-
https://github.com/elastic/security-team/issues/11232","sha":"60a9ac4f45b042884268387e5c34288e175057db"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/213251","number":213251,"mergeCommit":{"message":"[Siem
Migrations] `GET /integrations` integration Test (#213251)\n\n##
Summary\n\nAdds a smoke test for `GET /integrations`
endpoint.\n\nHandles\n\n-
https://github.com/elastic/security-team/issues/11232","sha":"60a9ac4f45b042884268387e5c34288e175057db"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Jatin Kathuria <jatin.kathuria@elastic.co>
 2025-03-06 17:35:49 +01:00
Kibana Machine
fc72350d24
[8.18] [Lens] Do not crash when editing a Lens chart with a by reference annotation layer (#213090) (#213366) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Lens] Do not crash when editing a Lens chart with a by reference
annotation layer
(#213090)](https://github.com/elastic/kibana/pull/213090)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Marco
Liberati","email":"dej611@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-03-06T11:44:30Z","message":"[Lens]
Do not crash when editing a Lens chart with a by reference annotation
layer (#213090)\n\n## Summary\n\nFixes #212917\n\nThe root problem is
belongs into the annotation layer logic to produce\nthe reference id for
the persisted saved object.\nIn the previous logic a new `uuid` was
generated all the time leading to\na continuous flow of `setState` calls
to update the \"runtime\" state of\nthe Lens object when inline editing:
the fix was to produce a stable id\nin the `extractReferences` logic to
avoid the re-renders.\nThe logic has been tweaked a bit now with some
extra explanations inline\nto make it more understandable.\n\nNew tests
have been added to smoke test this scenario.\n\n### Checklist\n\nCheck
the PR satisfies following conditions. \n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common
scenarios\n\n---------\n\nCo-authored-by: Nick Partridge
<nick.ryan.partridge@gmail.com>","sha":"48926e5173ebec2444a3ec6f244bbadb42eab3b0","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Visualizations","Feature:Lens","backport:version","v8.18.0","v9.1.0"],"title":"[Lens]
Do not crash when editing a Lens chart with a by reference annotation
layer","number":213090,"url":"https://github.com/elastic/kibana/pull/213090","mergeCommit":{"message":"[Lens]
Do not crash when editing a Lens chart with a by reference annotation
layer (#213090)\n\n## Summary\n\nFixes #212917\n\nThe root problem is
belongs into the annotation layer logic to produce\nthe reference id for
the persisted saved object.\nIn the previous logic a new `uuid` was
generated all the time leading to\na continuous flow of `setState` calls
to update the \"runtime\" state of\nthe Lens object when inline editing:
the fix was to produce a stable id\nin the `extractReferences` logic to
avoid the re-renders.\nThe logic has been tweaked a bit now with some
extra explanations inline\nto make it more understandable.\n\nNew tests
have been added to smoke test this scenario.\n\n### Checklist\n\nCheck
the PR satisfies following conditions. \n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common
scenarios\n\n---------\n\nCo-authored-by: Nick Partridge
<nick.ryan.partridge@gmail.com>","sha":"48926e5173ebec2444a3ec6f244bbadb42eab3b0"}},"sourceBranch":"main","suggestedTargetBranches":["8.18"],"targetPullRequestStates":[{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/213090","number":213090,"mergeCommit":{"message":"[Lens]
Do not crash when editing a Lens chart with a by reference annotation
layer (#213090)\n\n## Summary\n\nFixes #212917\n\nThe root problem is
belongs into the annotation layer logic to produce\nthe reference id for
the persisted saved object.\nIn the previous logic a new `uuid` was
generated all the time leading to\na continuous flow of `setState` calls
to update the \"runtime\" state of\nthe Lens object when inline editing:
the fix was to produce a stable id\nin the `extractReferences` logic to
avoid the re-renders.\nThe logic has been tweaked a bit now with some
extra explanations inline\nto make it more understandable.\n\nNew tests
have been added to smoke test this scenario.\n\n### Checklist\n\nCheck
the PR satisfies following conditions. \n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common
scenarios\n\n---------\n\nCo-authored-by: Nick Partridge
<nick.ryan.partridge@gmail.com>","sha":"48926e5173ebec2444a3ec6f244bbadb42eab3b0"}}]}]
BACKPORT-->

Co-authored-by: Marco Liberati <dej611@users.noreply.github.com>
 2025-03-06 15:06:14 +01:00
Sandra G
a58c444198
[8.18] [Obs AI Assistant] fix flaky test and add back test in settings (#213196) (#213318) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Obs AI Assistant] fix flaky test and add back test in settings
(#213196)](https://github.com/elastic/kibana/pull/213196)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Sandra
G","email":"neptunian@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-03-05T16:46:02Z","message":"[Obs
AI Assistant] fix flaky test and add back test in settings
(#213196)\n\n## Summary\n\nCloses
https://github.com/elastic/kibana/issues/191707\n\nSummarize your PR. If
it involves visual changes include a screenshot or\ngif.\n\n- Fixes
flaky test`allows updating of an advanced setting` by making\nsure to
wait for page refresh\n- Adds back test to check for toast on
error\nhttps://github.com/elastic/kibana/pull/191531\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Søren
Louv-Jansen
<sorenlouv@gmail.com>","sha":"bccbb933c0e2dea4c4d23c7174bbe0be638db252","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport:all-open","Team:Obs
AI
Assistant","ci:project-deploy-observability","v9.1.0","v8.16.6"],"title":"[Obs
AI Assistant] fix flaky test and add back test in
settings","number":213196,"url":"https://github.com/elastic/kibana/pull/213196","mergeCommit":{"message":"[Obs
AI Assistant] fix flaky test and add back test in settings
(#213196)\n\n## Summary\n\nCloses
https://github.com/elastic/kibana/issues/191707\n\nSummarize your PR. If
it involves visual changes include a screenshot or\ngif.\n\n- Fixes
flaky test`allows updating of an advanced setting` by making\nsure to
wait for page refresh\n- Adds back test to check for toast on
error\nhttps://github.com/elastic/kibana/pull/191531\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Søren
Louv-Jansen
<sorenlouv@gmail.com>","sha":"bccbb933c0e2dea4c4d23c7174bbe0be638db252"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/213196","number":213196,"mergeCommit":{"message":"[Obs
AI Assistant] fix flaky test and add back test in settings
(#213196)\n\n## Summary\n\nCloses
https://github.com/elastic/kibana/issues/191707\n\nSummarize your PR. If
it involves visual changes include a screenshot or\ngif.\n\n- Fixes
flaky test`allows updating of an advanced setting` by making\nsure to
wait for page refresh\n- Adds back test to check for toast on
error\nhttps://github.com/elastic/kibana/pull/191531\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Søren
Louv-Jansen
<sorenlouv@gmail.com>","sha":"bccbb933c0e2dea4c4d23c7174bbe0be638db252"}},{"branch":"8.16","label":"v8.16.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/213271","number":213271,"state":"MERGED","mergeCommit":{"sha":"b400d81dfeff4274d6a708503c956f3b852cb10c","message":"[8.16]
[Obs AI Assistant] fix flaky test and add back test in settings
(#213196) (#213271)\n\n# Backport\n\nThis will backport the following
commits from `main` to `8.16`:\n- [[Obs AI Assistant] fix flaky test and
add back test in
settings\n(#213196)](https://github.com/elastic/kibana/pull/213196)\n\n\n\n###
Questions ?\nPlease refer to the [Backport
tool\ndocumentation](https://github.com/sorenlouv/backport)\n\n\n\nCo-authored-by:
Sandra G
<neptunian@users.noreply.github.com>"}},{"url":"https://github.com/elastic/kibana/pull/213272","number":213272,"branch":"9.0","state":"OPEN"},{"url":"https://github.com/elastic/kibana/pull/213316","number":213316,"branch":"8.x","state":"OPEN"}]}]
BACKPORT-->
 2025-03-06 08:48:45 -05:00
Gerard Soldevila
36fa5a4da6
[8.18] SKA: Relocate "platform" packages that remain on /packages (208704) (#212751) 
# Backport

This will backport the following commits from `main` to `8.18`:
- #208704
 2025-03-05 19:22:58 +03:00
Kibana Machine
894b47b6f0
[8.18] [Security Solution] Add UI incentivizers to upgrade prebuilt rules (#211862) (#213232) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Add UI incentivizers to upgrade prebuilt rules
(#211862)](https://github.com/elastic/kibana/pull/211862)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Davis
Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-03-05T12:14:31Z","message":"[Security
Solution] Add UI incentivizers to upgrade prebuilt rules (#211862)\n\n##
Summary\n\nPartially addresses
https://github.com/elastic/kibana/issues/210358\n\nAdds all callouts and
logic to incentivize users to upgrade their rules asap. These
include:\n\n- [x] Showing a callout on the Rule Management page\n- [x]
Showing a callout on the Rule Details page\n - [x] Letting users open
the Rule Upgrade flyout from the Rule Details page\n- [x] Showing a
callout on the Rule Editing page\n- [x] Showing a callout in the Rule
Upgrade flyout if rule has missing base version\n\nThis PR also adds
related updates to the rule diff algorithms in order to facilitate an
easier upgrade experience when rules have missing base versions. These
include:\n\n- [x] When the rule has a missing base version and is NOT
marked as customized:\n - [x] We should return all the target fields
from the diff algorithm as NO_CONFLICT\n- [x] When the rule has a
missing base version and is marked as customized:\n - [x] We should
attempt to merge all non-functional mergeable fields (any field that
doesn't have consequences with how the rule runs e.g. tags) and return
them as `SOLVABLE_CONFLICT`.\n - **NOTE**: When base versions are
missing and the rule is customized, we attempt to merge all mergable,
non-functional rule fields. These include all fields covered by the
scalar diff array (`tags`, `references`, `new_terms_fields`,
`threat_index`). We typically also consider multi-line string fields as
mergeable but without three versions of the string, we are currently
unable to merge the strings together, so we just return target
version.\n - [x] We should pick the target version for all functional
mergeable fields (e.g. `index`) and non-mergeable fields and return them
as `SOLVABLE_CONFLICT`.\n\n\n### Screenshots\n\n\n**Callout on Rule
details page w/ flyout button**\n![Screenshot 2025-03-03 at 3 58
17 PM](https://github.com/user-attachments/assets/77117cad-fd8c-4b37-8ef7-f66d77f373b8)\n\n---\n\n**Upgrade
flyout now accessible from rule details page**\n![Screenshot 2025-03-03
at 3 58
25 PM](https://github.com/user-attachments/assets/f78e10fe-0767-44ab-a9c9-a5ae616b8b0e)\n\n---\n\n**Callout
on rule editing page**\n![Screenshot 2025-03-03 at 3 58
38 PM](https://github.com/user-attachments/assets/be68420f-a612-4e3d-9139-ad65a3d8b9fc)\n\n---\n\n**Dismissible
callout on rule management page**\n![Screenshot 2025-03-03 at 3 57
52 PM](https://github.com/user-attachments/assets/5227a4d1-474a-44d2-b0bb-fc020e584e8e)\n\n---\n\n**Callout
in rule upgrade flyout when rule has missing base
version**\n![Screenshot 2025-03-03 at 3 58
04 PM](https://github.com/user-attachments/assets/3c1a23fa-f1f0-4301-b392-4c91097a9cb9)\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] Any text
added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common
scenarios","sha":"461787bea6a48cc2c55514843adedc9ca5bb5032","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","impact:high","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution] Add UI incentivizers to upgrade prebuilt
rules","number":211862,"url":"https://github.com/elastic/kibana/pull/211862","mergeCommit":{"message":"[Security
Solution] Add UI incentivizers to upgrade prebuilt rules (#211862)\n\n##
Summary\n\nPartially addresses
https://github.com/elastic/kibana/issues/210358\n\nAdds all callouts and
logic to incentivize users to upgrade their rules asap. These
include:\n\n- [x] Showing a callout on the Rule Management page\n- [x]
Showing a callout on the Rule Details page\n - [x] Letting users open
the Rule Upgrade flyout from the Rule Details page\n- [x] Showing a
callout on the Rule Editing page\n- [x] Showing a callout in the Rule
Upgrade flyout if rule has missing base version\n\nThis PR also adds
related updates to the rule diff algorithms in order to facilitate an
easier upgrade experience when rules have missing base versions. These
include:\n\n- [x] When the rule has a missing base version and is NOT
marked as customized:\n - [x] We should return all the target fields
from the diff algorithm as NO_CONFLICT\n- [x] When the rule has a
missing base version and is marked as customized:\n - [x] We should
attempt to merge all non-functional mergeable fields (any field that
doesn't have consequences with how the rule runs e.g. tags) and return
them as `SOLVABLE_CONFLICT`.\n - **NOTE**: When base versions are
missing and the rule is customized, we attempt to merge all mergable,
non-functional rule fields. These include all fields covered by the
scalar diff array (`tags`, `references`, `new_terms_fields`,
`threat_index`). We typically also consider multi-line string fields as
mergeable but without three versions of the string, we are currently
unable to merge the strings together, so we just return target
version.\n - [x] We should pick the target version for all functional
mergeable fields (e.g. `index`) and non-mergeable fields and return them
as `SOLVABLE_CONFLICT`.\n\n\n### Screenshots\n\n\n**Callout on Rule
details page w/ flyout button**\n![Screenshot 2025-03-03 at 3 58
17 PM](https://github.com/user-attachments/assets/77117cad-fd8c-4b37-8ef7-f66d77f373b8)\n\n---\n\n**Upgrade
flyout now accessible from rule details page**\n![Screenshot 2025-03-03
at 3 58
25 PM](https://github.com/user-attachments/assets/f78e10fe-0767-44ab-a9c9-a5ae616b8b0e)\n\n---\n\n**Callout
on rule editing page**\n![Screenshot 2025-03-03 at 3 58
38 PM](https://github.com/user-attachments/assets/be68420f-a612-4e3d-9139-ad65a3d8b9fc)\n\n---\n\n**Dismissible
callout on rule management page**\n![Screenshot 2025-03-03 at 3 57
52 PM](https://github.com/user-attachments/assets/5227a4d1-474a-44d2-b0bb-fc020e584e8e)\n\n---\n\n**Callout
in rule upgrade flyout when rule has missing base
version**\n![Screenshot 2025-03-03 at 3 58
04 PM](https://github.com/user-attachments/assets/3c1a23fa-f1f0-4301-b392-4c91097a9cb9)\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] Any text
added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common
scenarios","sha":"461787bea6a48cc2c55514843adedc9ca5bb5032"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211862","number":211862,"mergeCommit":{"message":"[Security
Solution] Add UI incentivizers to upgrade prebuilt rules (#211862)\n\n##
Summary\n\nPartially addresses
https://github.com/elastic/kibana/issues/210358\n\nAdds all callouts and
logic to incentivize users to upgrade their rules asap. These
include:\n\n- [x] Showing a callout on the Rule Management page\n- [x]
Showing a callout on the Rule Details page\n - [x] Letting users open
the Rule Upgrade flyout from the Rule Details page\n- [x] Showing a
callout on the Rule Editing page\n- [x] Showing a callout in the Rule
Upgrade flyout if rule has missing base version\n\nThis PR also adds
related updates to the rule diff algorithms in order to facilitate an
easier upgrade experience when rules have missing base versions. These
include:\n\n- [x] When the rule has a missing base version and is NOT
marked as customized:\n - [x] We should return all the target fields
from the diff algorithm as NO_CONFLICT\n- [x] When the rule has a
missing base version and is marked as customized:\n - [x] We should
attempt to merge all non-functional mergeable fields (any field that
doesn't have consequences with how the rule runs e.g. tags) and return
them as `SOLVABLE_CONFLICT`.\n - **NOTE**: When base versions are
missing and the rule is customized, we attempt to merge all mergable,
non-functional rule fields. These include all fields covered by the
scalar diff array (`tags`, `references`, `new_terms_fields`,
`threat_index`). We typically also consider multi-line string fields as
mergeable but without three versions of the string, we are currently
unable to merge the strings together, so we just return target
version.\n - [x] We should pick the target version for all functional
mergeable fields (e.g. `index`) and non-mergeable fields and return them
as `SOLVABLE_CONFLICT`.\n\n\n### Screenshots\n\n\n**Callout on Rule
details page w/ flyout button**\n![Screenshot 2025-03-03 at 3 58
17 PM](https://github.com/user-attachments/assets/77117cad-fd8c-4b37-8ef7-f66d77f373b8)\n\n---\n\n**Upgrade
flyout now accessible from rule details page**\n![Screenshot 2025-03-03
at 3 58
25 PM](https://github.com/user-attachments/assets/f78e10fe-0767-44ab-a9c9-a5ae616b8b0e)\n\n---\n\n**Callout
on rule editing page**\n![Screenshot 2025-03-03 at 3 58
38 PM](https://github.com/user-attachments/assets/be68420f-a612-4e3d-9139-ad65a3d8b9fc)\n\n---\n\n**Dismissible
callout on rule management page**\n![Screenshot 2025-03-03 at 3 57
52 PM](https://github.com/user-attachments/assets/5227a4d1-474a-44d2-b0bb-fc020e584e8e)\n\n---\n\n**Callout
in rule upgrade flyout when rule has missing base
version**\n![Screenshot 2025-03-03 at 3 58
04 PM](https://github.com/user-attachments/assets/3c1a23fa-f1f0-4301-b392-4c91097a9cb9)\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] Any text
added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common
scenarios","sha":"461787bea6a48cc2c55514843adedc9ca5bb5032"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>
 2025-03-05 15:23:31 +01:00
Kibana Machine
a2d89b0a90
[8.18] [Siem Migration] - Start/Stop Translation integration tests (#212030) (#213219) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Siem Migration] - Start/Stop Translation integration tests
(#212030)](https://github.com/elastic/kibana/pull/212030)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Jatin
Kathuria","email":"jatin.kathuria@elastic.co"},"sourceCommit":{"committedDate":"2025-03-05T11:06:06Z","message":"[Siem
Migration] - Start/Stop Translation integration tests (#212030)\n\n##
Summary\n\nHandles\n-
https://github.com/elastic/security-team/issues/11232\n\nThis PR adds
the integration tests for \n- Start Translation API\n- Stop Translation
API","sha":"4998b75677557f4781b94bd58cf04eae118943d6","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Siem
Migration] - Start/Stop Translation integration
tests","number":212030,"url":"https://github.com/elastic/kibana/pull/212030","mergeCommit":{"message":"[Siem
Migration] - Start/Stop Translation integration tests (#212030)\n\n##
Summary\n\nHandles\n-
https://github.com/elastic/security-team/issues/11232\n\nThis PR adds
the integration tests for \n- Start Translation API\n- Stop Translation
API","sha":"4998b75677557f4781b94bd58cf04eae118943d6"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212030","number":212030,"mergeCommit":{"message":"[Siem
Migration] - Start/Stop Translation integration tests (#212030)\n\n##
Summary\n\nHandles\n-
https://github.com/elastic/security-team/issues/11232\n\nThis PR adds
the integration tests for \n- Start Translation API\n- Stop Translation
API","sha":"4998b75677557f4781b94bd58cf04eae118943d6"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Jatin Kathuria <jatin.kathuria@elastic.co>
 2025-03-05 14:04:33 +01:00
Vitalii Dmyterko
7735d47870
[8.18] [Security Solution][Detection Engine] adds bulkGetUserProfiles privilege to Security Feature (#211824) (#213129) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution][Detection Engine] adds bulkGetUserProfiles
privilege to Security Feature
(#211824)](https://github.com/elastic/kibana/pull/211824)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Vitalii
Dmyterko","email":"92328789+vitaliidm@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-03-04T15:08:41Z","message":"[Security
Solution][Detection Engine] adds bulkGetUserProfiles privilege to
Security Feature (#211824)\n\n## Summary\n\n- addresses
https://github.com/elastic/kibana/issues/202051\n\nFew observations,
based on
ticket\n[description](https://github.com/elastic/kibana/issues/202051):\n\n1.
User can update assignees in alert(i.e. update any alert details,\nwhich
is handled by **SecuritySolution** priv)\n2. User can see suggested
users in searchbox\n3. User **can not** see assignees details(name,
avatar) in alerts table\ncolumn and alerts flyout(that's where error
toast originates from)\n\nWhy this happens?\n2 different APIs used to
show users in searchbox and user details in\nalerts table column:\n\n1.
API to show users in
searchbox:\n[/internal/detection_engine/users/_find](https://github.com/elastic/kibana/blob/8.18/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/users/suggest_user_profiles_route.ts#L24)\nIt
requires `securitySolution` privilege\n2. API for alerts table
cell:\n[/internal/security/user_profile/_bulk_get](https://github.com/elastic/kibana/blob/8.18/x-pack/platform/plugins/shared/security/server/routes/user_profile/bulk_get.ts#L20)\nIt
requires `bulkGetUserProfiles` privilege\n\nUser was configured with
read only Security Feature, that covers only\nfirst API, that's why we
see error\n> API [POST /internal/security/user_profile/_bulk_get] is
unauthorized\nfor user, this action is granted by the Kibana
privileges\n[bulkGetUserProfiles] (403)\n\nHowever `bulkGetUserProfiles`
is covered by `Cases` feature already. If\nCases access will be set to
read, user would be able to see assignees\ndetails through
`/internal/security/user_profile/_bulk_get` API.\nIt happens, because
cases API tags include
`bulkGetUserProfiles`\nprivilege:\nhttps://github.com/elastic/kibana/blob/8.18/x-pack/platform/plugins/shared/cases/common/utils/api_tags.ts#L32,\nhttps://github.com/elastic/kibana/blob/8.18/x-pack/solutions/security/packages/features/src/cases/types.ts#L7\n\nThis
PR includes `bulkGetUserProfiles` privilege in Security
Feature:\nhttps://github.com/elastic/kibana/pull/211824. Since, it's
already\npresent in Cases feature, and user profiles available through
Security\nSolution `/internal/detection_engine/users/_find`
API","sha":"847be917a653a830670eb2b8f57674fa9b7a1e8d","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","v9.0.0","Team:Detections
and Resp","Team:Detection
Engine","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution][Detection Engine] adds bulkGetUserProfiles privilege to
Security
Feature","number":211824,"url":"https://github.com/elastic/kibana/pull/211824","mergeCommit":{"message":"[Security
Solution][Detection Engine] adds bulkGetUserProfiles privilege to
Security Feature (#211824)\n\n## Summary\n\n- addresses
https://github.com/elastic/kibana/issues/202051\n\nFew observations,
based on
ticket\n[description](https://github.com/elastic/kibana/issues/202051):\n\n1.
User can update assignees in alert(i.e. update any alert details,\nwhich
is handled by **SecuritySolution** priv)\n2. User can see suggested
users in searchbox\n3. User **can not** see assignees details(name,
avatar) in alerts table\ncolumn and alerts flyout(that's where error
toast originates from)\n\nWhy this happens?\n2 different APIs used to
show users in searchbox and user details in\nalerts table column:\n\n1.
API to show users in
searchbox:\n[/internal/detection_engine/users/_find](https://github.com/elastic/kibana/blob/8.18/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/users/suggest_user_profiles_route.ts#L24)\nIt
requires `securitySolution` privilege\n2. API for alerts table
cell:\n[/internal/security/user_profile/_bulk_get](https://github.com/elastic/kibana/blob/8.18/x-pack/platform/plugins/shared/security/server/routes/user_profile/bulk_get.ts#L20)\nIt
requires `bulkGetUserProfiles` privilege\n\nUser was configured with
read only Security Feature, that covers only\nfirst API, that's why we
see error\n> API [POST /internal/security/user_profile/_bulk_get] is
unauthorized\nfor user, this action is granted by the Kibana
privileges\n[bulkGetUserProfiles] (403)\n\nHowever `bulkGetUserProfiles`
is covered by `Cases` feature already. If\nCases access will be set to
read, user would be able to see assignees\ndetails through
`/internal/security/user_profile/_bulk_get` API.\nIt happens, because
cases API tags include
`bulkGetUserProfiles`\nprivilege:\nhttps://github.com/elastic/kibana/blob/8.18/x-pack/platform/plugins/shared/cases/common/utils/api_tags.ts#L32,\nhttps://github.com/elastic/kibana/blob/8.18/x-pack/solutions/security/packages/features/src/cases/types.ts#L7\n\nThis
PR includes `bulkGetUserProfiles` privilege in Security
Feature:\nhttps://github.com/elastic/kibana/pull/211824. Since, it's
already\npresent in Cases feature, and user profiles available through
Security\nSolution `/internal/detection_engine/users/_find`
API","sha":"847be917a653a830670eb2b8f57674fa9b7a1e8d"}},"sourceBranch":"main","suggestedTargetBranches":["8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/213120","number":213120,"state":"OPEN"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211824","number":211824,"mergeCommit":{"message":"[Security
Solution][Detection Engine] adds bulkGetUserProfiles privilege to
Security Feature (#211824)\n\n## Summary\n\n- addresses
https://github.com/elastic/kibana/issues/202051\n\nFew observations,
based on
ticket\n[description](https://github.com/elastic/kibana/issues/202051):\n\n1.
User can update assignees in alert(i.e. update any alert details,\nwhich
is handled by **SecuritySolution** priv)\n2. User can see suggested
users in searchbox\n3. User **can not** see assignees details(name,
avatar) in alerts table\ncolumn and alerts flyout(that's where error
toast originates from)\n\nWhy this happens?\n2 different APIs used to
show users in searchbox and user details in\nalerts table column:\n\n1.
API to show users in
searchbox:\n[/internal/detection_engine/users/_find](https://github.com/elastic/kibana/blob/8.18/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/users/suggest_user_profiles_route.ts#L24)\nIt
requires `securitySolution` privilege\n2. API for alerts table
cell:\n[/internal/security/user_profile/_bulk_get](https://github.com/elastic/kibana/blob/8.18/x-pack/platform/plugins/shared/security/server/routes/user_profile/bulk_get.ts#L20)\nIt
requires `bulkGetUserProfiles` privilege\n\nUser was configured with
read only Security Feature, that covers only\nfirst API, that's why we
see error\n> API [POST /internal/security/user_profile/_bulk_get] is
unauthorized\nfor user, this action is granted by the Kibana
privileges\n[bulkGetUserProfiles] (403)\n\nHowever `bulkGetUserProfiles`
is covered by `Cases` feature already. If\nCases access will be set to
read, user would be able to see assignees\ndetails through
`/internal/security/user_profile/_bulk_get` API.\nIt happens, because
cases API tags include
`bulkGetUserProfiles`\nprivilege:\nhttps://github.com/elastic/kibana/blob/8.18/x-pack/platform/plugins/shared/cases/common/utils/api_tags.ts#L32,\nhttps://github.com/elastic/kibana/blob/8.18/x-pack/solutions/security/packages/features/src/cases/types.ts#L7\n\nThis
PR includes `bulkGetUserProfiles` privilege in Security
Feature:\nhttps://github.com/elastic/kibana/pull/211824. Since, it's
already\npresent in Cases feature, and user profiles available through
Security\nSolution `/internal/detection_engine/users/_find`
API","sha":"847be917a653a830670eb2b8f57674fa9b7a1e8d"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
 2025-03-04 13:24:04 -05:00
Konrad Szwarc
d62f1162bc
[8.18] [EDR Workflows] OpenApi Missing Content - Response Actions (#212510) (#212868) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[EDR Workflows] OpenApi Missing Content - Response Actions
(#212510)](https://github.com/elastic/kibana/pull/212510)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Konrad
Szwarc","email":"konrad.szwarc@elastic.co"},"sourceCommit":{"committedDate":"2025-02-28T16:44:00Z","message":"[EDR
Workflows] OpenApi Missing Content - Response Actions (#212510)\n\n##
For reviewers:\nOnly `*.schema.yml` files were edited
(excluding\n`*.bundled.schema.yml`). Rest of the changes comes from auto
generation\nand can be ignored.\n\n## Description\n\nPart of DW team
effort - elastic/security-team#11804\n\nThis PR aligns the
property/schema descriptions and examples in\nAsciiDocs with OpenAPI
schemas. The primary goal of this PR was not to\nextend or enhance the
documentation but to migrate from one system to\nanother.\n\nAscii docs
-\nhttps://www.elastic.co/guide/en/security/8.17/management-api-overview.html\nOpenApi
generated docs
-\nhttps://www.elastic.co/docs/api/doc/kibana/operation/operation-endpointgetactionslist\n\nChanges:\n\nCopied
missing property descriptions from AsciiDoc to OpenApi
properties\nCopied existing AsciiDoc examples for both requests and
responses\nFixed falsy query object in some GET requests - in OpenApi it
was\ndefined as an object, not as path query
params.\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Paul
Tavares
<56442535+paul-tavares@users.noreply.github.com>\nCo-authored-by:
natasha-moore-elastic
<137783811+natasha-moore-elastic@users.noreply.github.com>","sha":"2700a2a95158dc5d5a77ff074119b1b61f949310","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend
Workflows","backport:prev-minor","backport:prev-major","v8.16.0","v8.17.0","v8.18.0","v9.1.0"],"title":"[EDR
Workflows] OpenApi Missing Content - Response
Actions","number":212510,"url":"https://github.com/elastic/kibana/pull/212510","mergeCommit":{"message":"[EDR
Workflows] OpenApi Missing Content - Response Actions (#212510)\n\n##
For reviewers:\nOnly `*.schema.yml` files were edited
(excluding\n`*.bundled.schema.yml`). Rest of the changes comes from auto
generation\nand can be ignored.\n\n## Description\n\nPart of DW team
effort - elastic/security-team#11804\n\nThis PR aligns the
property/schema descriptions and examples in\nAsciiDocs with OpenAPI
schemas. The primary goal of this PR was not to\nextend or enhance the
documentation but to migrate from one system to\nanother.\n\nAscii docs
-\nhttps://www.elastic.co/guide/en/security/8.17/management-api-overview.html\nOpenApi
generated docs
-\nhttps://www.elastic.co/docs/api/doc/kibana/operation/operation-endpointgetactionslist\n\nChanges:\n\nCopied
missing property descriptions from AsciiDoc to OpenApi
properties\nCopied existing AsciiDoc examples for both requests and
responses\nFixed falsy query object in some GET requests - in OpenApi it
was\ndefined as an object, not as path query
params.\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Paul
Tavares
<56442535+paul-tavares@users.noreply.github.com>\nCo-authored-by:
natasha-moore-elastic
<137783811+natasha-moore-elastic@users.noreply.github.com>","sha":"2700a2a95158dc5d5a77ff074119b1b61f949310"}},"sourceBranch":"main","suggestedTargetBranches":["8.16","8.17","8.18"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/212794","number":212794,"state":"MERGED","mergeCommit":{"sha":"3ceba17cbd76f89b72986190b8c77f5079706282","message":"[9.0]
[EDR Workflows] OpenApi Missing Content - Response Actions (#212510)
(#212794)\n\n# Backport\n\nThis will backport the following commits from
`main` to `9.0`:\n- [[EDR Workflows] OpenApi Missing Content - Response
Actions\n(#212510)](https://github.com/elastic/kibana/pull/212510)\n\n\n\n###
Questions ?\nPlease refer to the [Backport
tool\ndocumentation](https://github.com/sorenlouv/backport)\n\n\n\nCo-authored-by:
Konrad Szwarc
<konrad.szwarc@elastic.co>"}},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212510","number":212510,"mergeCommit":{"message":"[EDR
Workflows] OpenApi Missing Content - Response Actions (#212510)\n\n##
For reviewers:\nOnly `*.schema.yml` files were edited
(excluding\n`*.bundled.schema.yml`). Rest of the changes comes from auto
generation\nand can be ignored.\n\n## Description\n\nPart of DW team
effort - elastic/security-team#11804\n\nThis PR aligns the
property/schema descriptions and examples in\nAsciiDocs with OpenAPI
schemas. The primary goal of this PR was not to\nextend or enhance the
documentation but to migrate from one system to\nanother.\n\nAscii docs
-\nhttps://www.elastic.co/guide/en/security/8.17/management-api-overview.html\nOpenApi
generated docs
-\nhttps://www.elastic.co/docs/api/doc/kibana/operation/operation-endpointgetactionslist\n\nChanges:\n\nCopied
missing property descriptions from AsciiDoc to OpenApi
properties\nCopied existing AsciiDoc examples for both requests and
responses\nFixed falsy query object in some GET requests - in OpenApi it
was\ndefined as an object, not as path query
params.\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Paul
Tavares
<56442535+paul-tavares@users.noreply.github.com>\nCo-authored-by:
natasha-moore-elastic
<137783811+natasha-moore-elastic@users.noreply.github.com>","sha":"2700a2a95158dc5d5a77ff074119b1b61f949310"}}]}]
BACKPORT-->

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2025-03-03 17:37:22 +00:00
Kibana Machine
af0f7ddc96
[8.18] [Security Solution] Reduce the _review rule upgrade endpoint response size (#211045) (#212920) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Reduce the _review rule upgrade endpoint response
size (#211045)](https://github.com/elastic/kibana/pull/211045)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Dmitrii
Shevchenko","email":"dmitrii.shevchenko@elastic.co"},"sourceCommit":{"committedDate":"2025-03-03T14:03:07Z","message":"[Security
Solution] Reduce the _review rule upgrade endpoint response size
(#211045)\n\n**Resolves:
https://github.com/elastic/kibana/issues/208361**\n**Resolves:
https://github.com/elastic/kibana/issues/210544**\n\n## Summary\n\nThis
PR introduces significant memory consumption improvements to
the\nprebuilt rule endpoints, ensuring users won't encounter OOM errors
on\nmemory-limited Kibana instances.\n\nMemory consumption testing
results provided
in\nhttps://github.com/elastic/kibana/pull/211045#issuecomment-2689854328.\n\n##
Details\n\nThis PR implements a number of memory usage optimizations to
the\nprebuilt rule endpoints with the final goal reducing chances of
getting\nOOM errors. The changes are extensive and require thorough
testing\nbefore merging.\n\nThe changes are described by the following
bullets\n\n- The most significant change is the addition of pagination
to the\n`upgrade/_review` endpoint. This endpoint was known for causing
OOM\nerrors due to its large and ever-growing response size. With
pagination,\nit now returns upgrade information for no more than 20-100
rules at a\ntime, significantly reducing its memory footprint.\n- New
backend methods, such
as\n`ruleObjectsClient.fetchInstalledRuleVersions`, have been
introduced.\nThese methods return rule IDs with their corresponding
installed\nversions, allowing to build a map of outdated rules without
loading all\navailable rules into memory. Previously, all installed
rules, along with\ntheir base and target versions, were fetched
unconditionally before\nfiltering for updates.\n- The `stats` data
structure of the review endpoint has been deprecated\n(it can be safely
removed after one Serverless release cycle). Since the\nendpoint now
returns paginated results, building stats is no longer\nfeasible due to
the limited rule set size fetched on the server side. As\nthe side
effect it required removing related Cypress tests asserting\n`Update
All` disabled when rules can't be updated.\n- All changes to the
endpoints are backward-compatible. All previously\nrequired returned
structures still present in response. All newly added\nstructures are
optional.\n- Upgradeable rule tags are now returned from the prebuilt
rule status\nendpoint.\n- The frontend logic has been updated to move
sorting and filtering of\nprebuilt rules from the client side to the
server side.\n- The `upgrade/_perform` endpoint has been rewritten to
use lightweight\nrule version information rather than full rules to
determine upgradeable\nrules. Additionally, upgrades are now performed
in batches of up to 100\nrules, further reducing memory usage.\n- A dry
run option has been added to the upgrade perform endpoint. This\nis
needed for the \"Update all\" rules scenario to determine if any
rules\ncontain conflicts and display a confirmation modal to the
user.\n- An option to skip conflicting rules has been added to the
upgrade\nendpoint when called with the `ALL_RULES` mode.\n- The
`install/_review` endpoint's memory consumption has been optimized\nby
avoiding loading all rules into memory to determine available rules\nfor
installation. Redundant fetching of all base versions has also
been\nremoved, as they do not participate in the
calculation.\n\n---------\n\nCo-authored-by: Maxim Palenov
<maxim.palenov@elastic.co>","sha":"c4a016eda30ae8f224fdd485a634dc6773898e31","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","performance","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v8.18.0","v9.1.0","v8.19.0","v8.17.3"],"title":"[Security
Solution] Reduce the _review rule upgrade endpoint response
size","number":211045,"url":"https://github.com/elastic/kibana/pull/211045","mergeCommit":{"message":"[Security
Solution] Reduce the _review rule upgrade endpoint response size
(#211045)\n\n**Resolves:
https://github.com/elastic/kibana/issues/208361**\n**Resolves:
https://github.com/elastic/kibana/issues/210544**\n\n## Summary\n\nThis
PR introduces significant memory consumption improvements to
the\nprebuilt rule endpoints, ensuring users won't encounter OOM errors
on\nmemory-limited Kibana instances.\n\nMemory consumption testing
results provided
in\nhttps://github.com/elastic/kibana/pull/211045#issuecomment-2689854328.\n\n##
Details\n\nThis PR implements a number of memory usage optimizations to
the\nprebuilt rule endpoints with the final goal reducing chances of
getting\nOOM errors. The changes are extensive and require thorough
testing\nbefore merging.\n\nThe changes are described by the following
bullets\n\n- The most significant change is the addition of pagination
to the\n`upgrade/_review` endpoint. This endpoint was known for causing
OOM\nerrors due to its large and ever-growing response size. With
pagination,\nit now returns upgrade information for no more than 20-100
rules at a\ntime, significantly reducing its memory footprint.\n- New
backend methods, such
as\n`ruleObjectsClient.fetchInstalledRuleVersions`, have been
introduced.\nThese methods return rule IDs with their corresponding
installed\nversions, allowing to build a map of outdated rules without
loading all\navailable rules into memory. Previously, all installed
rules, along with\ntheir base and target versions, were fetched
unconditionally before\nfiltering for updates.\n- The `stats` data
structure of the review endpoint has been deprecated\n(it can be safely
removed after one Serverless release cycle). Since the\nendpoint now
returns paginated results, building stats is no longer\nfeasible due to
the limited rule set size fetched on the server side. As\nthe side
effect it required removing related Cypress tests asserting\n`Update
All` disabled when rules can't be updated.\n- All changes to the
endpoints are backward-compatible. All previously\nrequired returned
structures still present in response. All newly added\nstructures are
optional.\n- Upgradeable rule tags are now returned from the prebuilt
rule status\nendpoint.\n- The frontend logic has been updated to move
sorting and filtering of\nprebuilt rules from the client side to the
server side.\n- The `upgrade/_perform` endpoint has been rewritten to
use lightweight\nrule version information rather than full rules to
determine upgradeable\nrules. Additionally, upgrades are now performed
in batches of up to 100\nrules, further reducing memory usage.\n- A dry
run option has been added to the upgrade perform endpoint. This\nis
needed for the \"Update all\" rules scenario to determine if any
rules\ncontain conflicts and display a confirmation modal to the
user.\n- An option to skip conflicting rules has been added to the
upgrade\nendpoint when called with the `ALL_RULES` mode.\n- The
`install/_review` endpoint's memory consumption has been optimized\nby
avoiding loading all rules into memory to determine available rules\nfor
installation. Redundant fetching of all base versions has also
been\nremoved, as they do not participate in the
calculation.\n\n---------\n\nCo-authored-by: Maxim Palenov
<maxim.palenov@elastic.co>","sha":"c4a016eda30ae8f224fdd485a634dc6773898e31"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x","8.17"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211045","number":211045,"mergeCommit":{"message":"[Security
Solution] Reduce the _review rule upgrade endpoint response size
(#211045)\n\n**Resolves:
https://github.com/elastic/kibana/issues/208361**\n**Resolves:
https://github.com/elastic/kibana/issues/210544**\n\n## Summary\n\nThis
PR introduces significant memory consumption improvements to
the\nprebuilt rule endpoints, ensuring users won't encounter OOM errors
on\nmemory-limited Kibana instances.\n\nMemory consumption testing
results provided
in\nhttps://github.com/elastic/kibana/pull/211045#issuecomment-2689854328.\n\n##
Details\n\nThis PR implements a number of memory usage optimizations to
the\nprebuilt rule endpoints with the final goal reducing chances of
getting\nOOM errors. The changes are extensive and require thorough
testing\nbefore merging.\n\nThe changes are described by the following
bullets\n\n- The most significant change is the addition of pagination
to the\n`upgrade/_review` endpoint. This endpoint was known for causing
OOM\nerrors due to its large and ever-growing response size. With
pagination,\nit now returns upgrade information for no more than 20-100
rules at a\ntime, significantly reducing its memory footprint.\n- New
backend methods, such
as\n`ruleObjectsClient.fetchInstalledRuleVersions`, have been
introduced.\nThese methods return rule IDs with their corresponding
installed\nversions, allowing to build a map of outdated rules without
loading all\navailable rules into memory. Previously, all installed
rules, along with\ntheir base and target versions, were fetched
unconditionally before\nfiltering for updates.\n- The `stats` data
structure of the review endpoint has been deprecated\n(it can be safely
removed after one Serverless release cycle). Since the\nendpoint now
returns paginated results, building stats is no longer\nfeasible due to
the limited rule set size fetched on the server side. As\nthe side
effect it required removing related Cypress tests asserting\n`Update
All` disabled when rules can't be updated.\n- All changes to the
endpoints are backward-compatible. All previously\nrequired returned
structures still present in response. All newly added\nstructures are
optional.\n- Upgradeable rule tags are now returned from the prebuilt
rule status\nendpoint.\n- The frontend logic has been updated to move
sorting and filtering of\nprebuilt rules from the client side to the
server side.\n- The `upgrade/_perform` endpoint has been rewritten to
use lightweight\nrule version information rather than full rules to
determine upgradeable\nrules. Additionally, upgrades are now performed
in batches of up to 100\nrules, further reducing memory usage.\n- A dry
run option has been added to the upgrade perform endpoint. This\nis
needed for the \"Update all\" rules scenario to determine if any
rules\ncontain conflicts and display a confirmation modal to the
user.\n- An option to skip conflicting rules has been added to the
upgrade\nendpoint when called with the `ALL_RULES` mode.\n- The
`install/_review` endpoint's memory consumption has been optimized\nby
avoiding loading all rules into memory to determine available rules\nfor
installation. Redundant fetching of all base versions has also
been\nremoved, as they do not participate in the
calculation.\n\n---------\n\nCo-authored-by: Maxim Palenov
<maxim.palenov@elastic.co>","sha":"c4a016eda30ae8f224fdd485a634dc6773898e31"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Dmitrii Shevchenko <dmitrii.shevchenko@elastic.co>
 2025-03-03 15:57:51 +00:00
Kibana Machine
2f02a2a050
[8.18] [Security Assistant] Fix initialization of Knowledge Base on undersized clusters (#212167) (#212809) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Assistant] Fix initialization of Knowledge Base on
undersized clusters
(#212167)](https://github.com/elastic/kibana/pull/212167)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Patryk
Kopyciński","email":"contact@patrykkopycinski.com"},"sourceCommit":{"committedDate":"2025-02-28T20:42:04Z","message":"[Security
Assistant] Fix initialization of Knowledge Base on undersized clusters
(#212167)\n\n## Summary\n\nShow error to the user when trying to setup
Knowledge base on undersized\ncluster\n\n<img width=\"1847\" alt=\"Zrzut
ekranu 2025-02-26 o 19 03
43\"\nsrc=\"https://github.com/user-attachments/assets/a42d8560-aebb-410e-a364-7a27074f62fc\"\n/>\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Garrett Spong <spong@users.noreply.github.com>\nCo-authored-by: Garrett
Spong
<garrett.spong@elastic.co>","sha":"b5caf904e775d32f8964dde8a407a3ca555b3f38","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","v9.0.0","ci:cloud-deploy","ci:project-deploy-security","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Assistant] Fix initialization of Knowledge Base on undersized
clusters","number":212167,"url":"https://github.com/elastic/kibana/pull/212167","mergeCommit":{"message":"[Security
Assistant] Fix initialization of Knowledge Base on undersized clusters
(#212167)\n\n## Summary\n\nShow error to the user when trying to setup
Knowledge base on undersized\ncluster\n\n<img width=\"1847\" alt=\"Zrzut
ekranu 2025-02-26 o 19 03
43\"\nsrc=\"https://github.com/user-attachments/assets/a42d8560-aebb-410e-a364-7a27074f62fc\"\n/>\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Garrett Spong <spong@users.noreply.github.com>\nCo-authored-by: Garrett
Spong
<garrett.spong@elastic.co>","sha":"b5caf904e775d32f8964dde8a407a3ca555b3f38"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212167","number":212167,"mergeCommit":{"message":"[Security
Assistant] Fix initialization of Knowledge Base on undersized clusters
(#212167)\n\n## Summary\n\nShow error to the user when trying to setup
Knowledge base on undersized\ncluster\n\n<img width=\"1847\" alt=\"Zrzut
ekranu 2025-02-26 o 19 03
43\"\nsrc=\"https://github.com/user-attachments/assets/a42d8560-aebb-410e-a364-7a27074f62fc\"\n/>\n\n---------\n\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Garrett Spong <spong@users.noreply.github.com>\nCo-authored-by: Garrett
Spong
<garrett.spong@elastic.co>","sha":"b5caf904e775d32f8964dde8a407a3ca555b3f38"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Patryk Kopyciński <contact@patrykkopycinski.com>
 2025-02-28 22:51:32 +00:00
Kibana Machine
56e8ebcac6
[8.18] [Search] Add read version of enterprise search privilege (#211810) (#212231) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Search] Add read version of enterprise search privilege
(#211810)](https://github.com/elastic/kibana/pull/211810)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Sander
Philipse","email":"94373878+sphilipse@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-02-24T12:14:43Z","message":"[Search]
Add read version of enterprise search privilege (#211810)\n\n##
Summary\n\nThis adds a read version of the default Search privilege.
This will make\nsure that viewer users don't land on a 403 error when
logging into a\nSearch solution.\n\nOptimizing the experience for the
viewer role will be a separate
task.","sha":"2b621eef9b420f93483f3dedd1ad1f1c2a2d7eba","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Search","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Search]
Add read version of enterprise search
privilege","number":211810,"url":"https://github.com/elastic/kibana/pull/211810","mergeCommit":{"message":"[Search]
Add read version of enterprise search privilege (#211810)\n\n##
Summary\n\nThis adds a read version of the default Search privilege.
This will make\nsure that viewer users don't land on a 403 error when
logging into a\nSearch solution.\n\nOptimizing the experience for the
viewer role will be a separate
task.","sha":"2b621eef9b420f93483f3dedd1ad1f1c2a2d7eba"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211810","number":211810,"mergeCommit":{"message":"[Search]
Add read version of enterprise search privilege (#211810)\n\n##
Summary\n\nThis adds a read version of the default Search privilege.
This will make\nsure that viewer users don't land on a 403 error when
logging into a\nSearch solution.\n\nOptimizing the experience for the
viewer role will be a separate
task.","sha":"2b621eef9b420f93483f3dedd1ad1f1c2a2d7eba"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

---------

Co-authored-by: Sander Philipse <94373878+sphilipse@users.noreply.github.com>
 2025-02-27 18:52:39 +00:00
Kibana Machine
4d23adeb3b
[8.18] [EDR Workflows][Osquery] OpenApi Missing Content (#212032) (#212641) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[EDR Workflows][Osquery] OpenApi Missing Content
(#212032)](https://github.com/elastic/kibana/pull/212032)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Konrad
Szwarc","email":"konrad.szwarc@elastic.co"},"sourceCommit":{"committedDate":"2025-02-27T12:29:04Z","message":"[EDR
Workflows][Osquery] OpenApi Missing Content (#212032)\n\nPart of DW team
effort -\nhttps://github.com/elastic/security-team/issues/11804\n\nThis
PR aligns the property/schema descriptions and examples in\nAsciiDocs
with OpenAPI schemas. The primary goal of this PR was not to\nextend or
enhance the documentation but to migrate from one system
to\nanother.\n\nAscii docs
-\nhttps://www.elastic.co/guide/en/kibana/8.17/osquery-manager-api.html\nOpenApi
generated docs
-\nhttps://www.elastic.co/docs/api/doc/kibana/operation/operation-osqueryfindlivequeries\n\nChanges:\n1.
Copied missing property descriptions from AsciiDoc to
OpenApi\nproperties\n2. Copied existing AsciiDoc examples for both
requests and responses\n3. Fixed falsy query object in some GET requests
- in OpenApi it was\ndefined as an object, not as path query
params.\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
natasha-moore-elastic
<137783811+natasha-moore-elastic@users.noreply.github.com>","sha":"92867c697dc573867e6450249178d16110d34603","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend
Workflows","backport:prev-minor","backport:prev-major","v8.16.0","v8.17.0","v8.18.0","v9.1.0"],"title":"[EDR
Workflows][Osquery] OpenApi Missing
Content","number":212032,"url":"https://github.com/elastic/kibana/pull/212032","mergeCommit":{"message":"[EDR
Workflows][Osquery] OpenApi Missing Content (#212032)\n\nPart of DW team
effort -\nhttps://github.com/elastic/security-team/issues/11804\n\nThis
PR aligns the property/schema descriptions and examples in\nAsciiDocs
with OpenAPI schemas. The primary goal of this PR was not to\nextend or
enhance the documentation but to migrate from one system
to\nanother.\n\nAscii docs
-\nhttps://www.elastic.co/guide/en/kibana/8.17/osquery-manager-api.html\nOpenApi
generated docs
-\nhttps://www.elastic.co/docs/api/doc/kibana/operation/operation-osqueryfindlivequeries\n\nChanges:\n1.
Copied missing property descriptions from AsciiDoc to
OpenApi\nproperties\n2. Copied existing AsciiDoc examples for both
requests and responses\n3. Fixed falsy query object in some GET requests
- in OpenApi it was\ndefined as an object, not as path query
params.\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
natasha-moore-elastic
<137783811+natasha-moore-elastic@users.noreply.github.com>","sha":"92867c697dc573867e6450249178d16110d34603"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.16","8.17","8.18"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212032","number":212032,"mergeCommit":{"message":"[EDR
Workflows][Osquery] OpenApi Missing Content (#212032)\n\nPart of DW team
effort -\nhttps://github.com/elastic/security-team/issues/11804\n\nThis
PR aligns the property/schema descriptions and examples in\nAsciiDocs
with OpenAPI schemas. The primary goal of this PR was not to\nextend or
enhance the documentation but to migrate from one system
to\nanother.\n\nAscii docs
-\nhttps://www.elastic.co/guide/en/kibana/8.17/osquery-manager-api.html\nOpenApi
generated docs
-\nhttps://www.elastic.co/docs/api/doc/kibana/operation/operation-osqueryfindlivequeries\n\nChanges:\n1.
Copied missing property descriptions from AsciiDoc to
OpenApi\nproperties\n2. Copied existing AsciiDoc examples for both
requests and responses\n3. Fixed falsy query object in some GET requests
- in OpenApi it was\ndefined as an object, not as path query
params.\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
natasha-moore-elastic
<137783811+natasha-moore-elastic@users.noreply.github.com>","sha":"92867c697dc573867e6450249178d16110d34603"}}]}]
BACKPORT-->

---------

Co-authored-by: Konrad Szwarc <konrad.szwarc@elastic.co>
 2025-02-27 16:05:10 +00:00
Samiul Monir
1bc5fbc3e4
[8.18] Updating preconfigured connector name (#211927) (#212445) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [Updating preconfigured connector name
(#211927)](https://github.com/elastic/kibana/pull/211927)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Samiul
Monir","email":"150824886+Samiul-TheSoccerFan@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-02-25T19:21:22Z","message":"Updating
preconfigured connector name (#211927)\n\n## Summary\n\nUpdate
Preconfigured connector name to `Elastic LLM`.\n\n<img width=\"1504\"
alt=\"Screenshot 2025-02-20 at 11 29
02 AM\"\nsrc=\"https://github.com/user-attachments/assets/aa0a32f7-f1b2-4496-8c2e-7773f017c153\"\n/>\n\n###
ES3 Testing instruction\nNo additional config needed. Once run in local
machine, the changes\nshould reflect automatically.\n\n### ESS
instructions\nIn `kibana.dev.yml` file, add\n```\n#
xpack.actions.preconfigured:\n Elastic-LLM:\n name: Elastic LLM\n
actionTypeId: .inference\n exposeConfig: true\n config:\n provider:
'elastic'\n taskType: 'chat_completion'\n inferenceId:
'.rainbow-sprinkles-elastic'\n providerConfig:\n model_id:
'rainbow-sprinkles'\n```\nand the preconfigured endpoint with updated
name should be visible.\n\n### Checklist\n\nCheck the PR satisfies
following conditions. \n\nReviewers should verify this PR satisfies this
list as well.\n\n- [X] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common
scenarios","sha":"0e02a328927e56b5eccc7fa266fd0b2a3d9bdd62","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","v9.0.0","ci:project-deploy-elasticsearch","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"Updating
preconfigured connector
name","number":211927,"url":"https://github.com/elastic/kibana/pull/211927","mergeCommit":{"message":"Updating
preconfigured connector name (#211927)\n\n## Summary\n\nUpdate
Preconfigured connector name to `Elastic LLM`.\n\n<img width=\"1504\"
alt=\"Screenshot 2025-02-20 at 11 29
02 AM\"\nsrc=\"https://github.com/user-attachments/assets/aa0a32f7-f1b2-4496-8c2e-7773f017c153\"\n/>\n\n###
ES3 Testing instruction\nNo additional config needed. Once run in local
machine, the changes\nshould reflect automatically.\n\n### ESS
instructions\nIn `kibana.dev.yml` file, add\n```\n#
xpack.actions.preconfigured:\n Elastic-LLM:\n name: Elastic LLM\n
actionTypeId: .inference\n exposeConfig: true\n config:\n provider:
'elastic'\n taskType: 'chat_completion'\n inferenceId:
'.rainbow-sprinkles-elastic'\n providerConfig:\n model_id:
'rainbow-sprinkles'\n```\nand the preconfigured endpoint with updated
name should be visible.\n\n### Checklist\n\nCheck the PR satisfies
following conditions. \n\nReviewers should verify this PR satisfies this
list as well.\n\n- [X] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common
scenarios","sha":"0e02a328927e56b5eccc7fa266fd0b2a3d9bdd62"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211927","number":211927,"mergeCommit":{"message":"Updating
preconfigured connector name (#211927)\n\n## Summary\n\nUpdate
Preconfigured connector name to `Elastic LLM`.\n\n<img width=\"1504\"
alt=\"Screenshot 2025-02-20 at 11 29
02 AM\"\nsrc=\"https://github.com/user-attachments/assets/aa0a32f7-f1b2-4496-8c2e-7773f017c153\"\n/>\n\n###
ES3 Testing instruction\nNo additional config needed. Once run in local
machine, the changes\nshould reflect automatically.\n\n### ESS
instructions\nIn `kibana.dev.yml` file, add\n```\n#
xpack.actions.preconfigured:\n Elastic-LLM:\n name: Elastic LLM\n
actionTypeId: .inference\n exposeConfig: true\n config:\n provider:
'elastic'\n taskType: 'chat_completion'\n inferenceId:
'.rainbow-sprinkles-elastic'\n providerConfig:\n model_id:
'rainbow-sprinkles'\n```\nand the preconfigured endpoint with updated
name should be visible.\n\n### Checklist\n\nCheck the PR satisfies
following conditions. \n\nReviewers should verify this PR satisfies this
list as well.\n\n- [X] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common
scenarios","sha":"0e02a328927e56b5eccc7fa266fd0b2a3d9bdd62"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
 2025-02-26 23:50:11 -05:00
Vitalii Dmyterko
cf8ca97e00
[8.18] [Security Solution][Detection Engine] moves general logic rule executions FTR tests to Essentials/Basic tier (#211477) (#212278) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution][Detection Engine] moves general logic rule
executions FTR tests to Essentials/Basic tier
(#211477)](https://github.com/elastic/kibana/pull/211477)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Vitalii
Dmyterko","email":"92328789+vitaliidm@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-02-24T13:59:06Z","message":"[Security
Solution][Detection Engine] moves general logic rule executions FTR
tests to Essentials/Basic tier (#211477)\n\n## Summary\n\n - addresses
https://github.com/elastic/kibana/issues/179767\n- ignore_fields tests
run as expected on basic/essentials license, so\nmoved to that tier\n-
moves the rest of files in `general_logic` set of tests to basic\nlevel,
apart from synthetic source tests that requires
platinum(trial)\nlicense","sha":"04a9acd365762fc82a04d7431b5438e29fce971f","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection
Engine","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution][Detection Engine] moves general logic rule executions FTR
tests to Essentials/Basic
tier","number":211477,"url":"https://github.com/elastic/kibana/pull/211477","mergeCommit":{"message":"[Security
Solution][Detection Engine] moves general logic rule executions FTR
tests to Essentials/Basic tier (#211477)\n\n## Summary\n\n - addresses
https://github.com/elastic/kibana/issues/179767\n- ignore_fields tests
run as expected on basic/essentials license, so\nmoved to that tier\n-
moves the rest of files in `general_logic` set of tests to basic\nlevel,
apart from synthetic source tests that requires
platinum(trial)\nlicense","sha":"04a9acd365762fc82a04d7431b5438e29fce971f"}},"sourceBranch":"main","suggestedTargetBranches":["8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/212247","number":212247,"state":"MERGED","mergeCommit":{"sha":"87db538b04ea9b5096c9aba19ca21c37d6070675","message":"[9.0]
[Security Solution][Detection Engine] moves general logic rule
executions FTR tests to Essentials/Basic tier (#211477) (#212247)\n\n#
Backport\n\nThis will backport the following commits from `main` to
`9.0`:\n- [[Security Solution][Detection Engine] moves general logic
rule\nexecutions FTR tests to Essentials/Basic
tier\n(#211477)](https://github.com/elastic/kibana/pull/211477)\n\n\n\n###
Questions ?\nPlease refer to the [Backport
tool\ndocumentation](https://github.com/sorenlouv/backport)\n\n\n\nCo-authored-by:
Vitalii Dmyterko
<92328789+vitaliidm@users.noreply.github.com>"}},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211477","number":211477,"mergeCommit":{"message":"[Security
Solution][Detection Engine] moves general logic rule executions FTR
tests to Essentials/Basic tier (#211477)\n\n## Summary\n\n - addresses
https://github.com/elastic/kibana/issues/179767\n- ignore_fields tests
run as expected on basic/essentials license, so\nmoved to that tier\n-
moves the rest of files in `general_logic` set of tests to basic\nlevel,
apart from synthetic source tests that requires
platinum(trial)\nlicense","sha":"04a9acd365762fc82a04d7431b5438e29fce971f"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
 2025-02-26 12:56:53 +01:00
Kibana Machine
ace412e802
[8.18] Fix cloud UI sanity tests (#212368) (#212475) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [Fix cloud UI sanity tests
(#212368)](https://github.com/elastic/kibana/pull/212368)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Dmitry
Gurevich","email":"dmitry.gurevich@elastic.co"},"sourceCommit":{"committedDate":"2025-02-26T08:28:18Z","message":"Fix
cloud UI sanity tests (#212368)\n\n## Summary\n\nThis PR fixes the
`Querying provider data` tests executed on the\n`Findings`
page.\n\nSanity UI tests
successfully\n[run](3783519246).\n\n![Screenshot
2025-02-26 at 10
27\n31](https://github.com/user-attachments/assets/f2447f62-fafa-4e58-a98c-5abbf7f08c42)","sha":"d685e54225e41fcebc61eb00624a2a6a499f21d6","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor","v8.18.0","v9.1.0","backport:8.18"],"title":"Fix
cloud UI sanity
tests","number":212368,"url":"https://github.com/elastic/kibana/pull/212368","mergeCommit":{"message":"Fix
cloud UI sanity tests (#212368)\n\n## Summary\n\nThis PR fixes the
`Querying provider data` tests executed on the\n`Findings`
page.\n\nSanity UI tests
successfully\n[run](3783519246).\n\n![Screenshot
2025-02-26 at 10
27\n31](https://github.com/user-attachments/assets/f2447f62-fafa-4e58-a98c-5abbf7f08c42)","sha":"d685e54225e41fcebc61eb00624a2a6a499f21d6"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212368","number":212368,"mergeCommit":{"message":"Fix
cloud UI sanity tests (#212368)\n\n## Summary\n\nThis PR fixes the
`Querying provider data` tests executed on the\n`Findings`
page.\n\nSanity UI tests
successfully\n[run](3783519246).\n\n![Screenshot
2025-02-26 at 10
27\n31](https://github.com/user-attachments/assets/f2447f62-fafa-4e58-a98c-5abbf7f08c42)","sha":"d685e54225e41fcebc61eb00624a2a6a499f21d6"}}]}]
BACKPORT-->

Co-authored-by: Dmitry Gurevich <dmitry.gurevich@elastic.co>
 2025-02-26 10:22:59 +00:00
Kibana Machine
ee44e4d0fb
[8.18] [Security Assistant] Fix Knowledge Base API (#211367) (#212456) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Assistant] Fix Knowledge Base API
(#211367)](https://github.com/elastic/kibana/pull/211367)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Patryk
Kopyciński","email":"contact@patrykkopycinski.com"},"sourceCommit":{"committedDate":"2025-02-25T23:00:00Z","message":"[Security
Assistant] Fix Knowledge Base API (#211367)\n\n## Summary\n\nFixes bugs
related to Security Assistant Knowledge Base
API\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Hannah Mudge <Heenawter@users.noreply.github.com>\nCo-authored-by: Marta
Bondyra <4283304+mbondyra@users.noreply.github.com>\nCo-authored-by:
Davis Plumlee
<56367316+dplumlee@users.noreply.github.com>\nCo-authored-by: Jatin
Kathuria <jatin.kathuria@elastic.co>\nCo-authored-by: Chris Cowan
<chris@elastic.co>\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>\nCo-authored-by: Arturo
Lidueña <arturo.liduena@elastic.co>\nCo-authored-by: Jon
<jon@elastic.co>\nCo-authored-by: Rodney Norris
<rodney.norris@elastic.co>\nCo-authored-by: Elena Shostak
<165678770+elena-shostak@users.noreply.github.com>\nCo-authored-by:
Stratoula Kalafateli <efstratia.kalafateli@elastic.co>\nCo-authored-by:
Irene Blanco <irene.blanco@elastic.co>\nCo-authored-by: Cauê Marcondes
<55978943+cauemarcondes@users.noreply.github.com>\nCo-authored-by:
Carlos Crespo
<crespocarlos@users.noreply.github.com>","sha":"c822109a492fe4dcf38ca5aa6d87b2a95bf075c4","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","v9.0.0","Feature:Security
Assistant","Team:Security Generative
AI","backport:version","v8.18.0","v9.1.0"],"title":"[Security Assistant]
Fix Knowledge Base
API","number":211367,"url":"https://github.com/elastic/kibana/pull/211367","mergeCommit":{"message":"[Security
Assistant] Fix Knowledge Base API (#211367)\n\n## Summary\n\nFixes bugs
related to Security Assistant Knowledge Base
API\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Hannah Mudge <Heenawter@users.noreply.github.com>\nCo-authored-by: Marta
Bondyra <4283304+mbondyra@users.noreply.github.com>\nCo-authored-by:
Davis Plumlee
<56367316+dplumlee@users.noreply.github.com>\nCo-authored-by: Jatin
Kathuria <jatin.kathuria@elastic.co>\nCo-authored-by: Chris Cowan
<chris@elastic.co>\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>\nCo-authored-by: Arturo
Lidueña <arturo.liduena@elastic.co>\nCo-authored-by: Jon
<jon@elastic.co>\nCo-authored-by: Rodney Norris
<rodney.norris@elastic.co>\nCo-authored-by: Elena Shostak
<165678770+elena-shostak@users.noreply.github.com>\nCo-authored-by:
Stratoula Kalafateli <efstratia.kalafateli@elastic.co>\nCo-authored-by:
Irene Blanco <irene.blanco@elastic.co>\nCo-authored-by: Cauê Marcondes
<55978943+cauemarcondes@users.noreply.github.com>\nCo-authored-by:
Carlos Crespo
<crespocarlos@users.noreply.github.com>","sha":"c822109a492fe4dcf38ca5aa6d87b2a95bf075c4"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211367","number":211367,"mergeCommit":{"message":"[Security
Assistant] Fix Knowledge Base API (#211367)\n\n## Summary\n\nFixes bugs
related to Security Assistant Knowledge Base
API\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Hannah Mudge <Heenawter@users.noreply.github.com>\nCo-authored-by: Marta
Bondyra <4283304+mbondyra@users.noreply.github.com>\nCo-authored-by:
Davis Plumlee
<56367316+dplumlee@users.noreply.github.com>\nCo-authored-by: Jatin
Kathuria <jatin.kathuria@elastic.co>\nCo-authored-by: Chris Cowan
<chris@elastic.co>\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>\nCo-authored-by: Arturo
Lidueña <arturo.liduena@elastic.co>\nCo-authored-by: Jon
<jon@elastic.co>\nCo-authored-by: Rodney Norris
<rodney.norris@elastic.co>\nCo-authored-by: Elena Shostak
<165678770+elena-shostak@users.noreply.github.com>\nCo-authored-by:
Stratoula Kalafateli <efstratia.kalafateli@elastic.co>\nCo-authored-by:
Irene Blanco <irene.blanco@elastic.co>\nCo-authored-by: Cauê Marcondes
<55978943+cauemarcondes@users.noreply.github.com>\nCo-authored-by:
Carlos Crespo
<crespocarlos@users.noreply.github.com>","sha":"c822109a492fe4dcf38ca5aa6d87b2a95bf075c4"}}]}]
BACKPORT-->

---------

Co-authored-by: Patryk Kopyciński <contact@patrykkopycinski.com>
 2025-02-26 01:13:47 +00:00
Kibana Machine
72aa9f258f
[8.18] [Security Solution] Adds prebuilt rule import/export cypress tests (#212172) (#212309) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Adds prebuilt rule import/export cypress tests
(#212172)](https://github.com/elastic/kibana/pull/212172)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Davis
Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-02-24T21:17:44Z","message":"[Security
Solution] Adds prebuilt rule import/export cypress tests
(#212172)\n\n**Partially addresses:**
https://github.com/elastic/kibana/issues/202079\n\n## Summary\n\nAdds
cypress tests in accordance
to\nhttps://github.com/elastic/kibana/pull/204889\n\nFollow-up to:
https://github.com/elastic/kibana/pull/206893\n\nAdds tests for rule
import and export related to the prebuilt rule\ncustomization epic.\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] 🟢 ESS
x50:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7923\n-
[x] 🟢 Serverless
x50:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7924","sha":"427d2d992988a125f00075ae959c33f6d2bc7a6e","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution] Adds prebuilt rule import/export cypress
tests","number":212172,"url":"https://github.com/elastic/kibana/pull/212172","mergeCommit":{"message":"[Security
Solution] Adds prebuilt rule import/export cypress tests
(#212172)\n\n**Partially addresses:**
https://github.com/elastic/kibana/issues/202079\n\n## Summary\n\nAdds
cypress tests in accordance
to\nhttps://github.com/elastic/kibana/pull/204889\n\nFollow-up to:
https://github.com/elastic/kibana/pull/206893\n\nAdds tests for rule
import and export related to the prebuilt rule\ncustomization epic.\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] 🟢 ESS
x50:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7923\n-
[x] 🟢 Serverless
x50:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7924","sha":"427d2d992988a125f00075ae959c33f6d2bc7a6e"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212172","number":212172,"mergeCommit":{"message":"[Security
Solution] Adds prebuilt rule import/export cypress tests
(#212172)\n\n**Partially addresses:**
https://github.com/elastic/kibana/issues/202079\n\n## Summary\n\nAdds
cypress tests in accordance
to\nhttps://github.com/elastic/kibana/pull/204889\n\nFollow-up to:
https://github.com/elastic/kibana/pull/206893\n\nAdds tests for rule
import and export related to the prebuilt rule\ncustomization epic.\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] 🟢 ESS
x50:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7923\n-
[x] 🟢 Serverless
x50:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7924","sha":"427d2d992988a125f00075ae959c33f6d2bc7a6e"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>
 2025-02-25 13:57:19 +00:00
Davis Plumlee
b1da764d7d
[8.18] [Security Solution] Adds prebuilt rule customization integration tests (#207016) (#212314) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Adds prebuilt rule customization integration
tests (#207016)](https://github.com/elastic/kibana/pull/207016)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Davis
Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-02-24T14:35:17Z","message":"[Security
Solution] Adds prebuilt rule customization integration tests
(#207016)\n\n## Summary\n\nAdds tests in accordance
to\nhttps://github.com/elastic/kibana/pull/204888\n\nAdds integration
tests for the prebuilt rule customization features\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] 🟢 ESS
x100:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7919\n-
[x] 🟡 Serverless
x100:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7920\n-
[x] 🟡 Serverless
x100\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7927\n\n---------\n\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"a51e96eae2904aa3488af1037d87d83beec2cd0d","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution] Adds prebuilt rule customization integration
tests","number":207016,"url":"https://github.com/elastic/kibana/pull/207016","mergeCommit":{"message":"[Security
Solution] Adds prebuilt rule customization integration tests
(#207016)\n\n## Summary\n\nAdds tests in accordance
to\nhttps://github.com/elastic/kibana/pull/204888\n\nAdds integration
tests for the prebuilt rule customization features\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] 🟢 ESS
x100:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7919\n-
[x] 🟡 Serverless
x100:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7920\n-
[x] 🟡 Serverless
x100\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7927\n\n---------\n\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"a51e96eae2904aa3488af1037d87d83beec2cd0d"}},"sourceBranch":"main","suggestedTargetBranches":["8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/212253","number":212253,"state":"MERGED","mergeCommit":{"sha":"c8beef4b9608465b14a097d8ab5fecb8fffbff5b","message":"[9.0]
[Security Solution] Adds prebuilt rule customization integration tests
(#207016) (#212253)\n\n# Backport\n\nThis will backport the following
commits from `main` to `9.0`:\n- [[Security Solution] Adds prebuilt rule
customization integration\ntests
(#207016)](https://github.com/elastic/kibana/pull/207016)\n\n\n\n###
Questions ?\nPlease refer to the [Backport
tool\ndocumentation](https://github.com/sorenlouv/backport)\n\n\n\nCo-authored-by:
Davis Plumlee
<56367316+dplumlee@users.noreply.github.com>"}},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/207016","number":207016,"mergeCommit":{"message":"[Security
Solution] Adds prebuilt rule customization integration tests
(#207016)\n\n## Summary\n\nAdds tests in accordance
to\nhttps://github.com/elastic/kibana/pull/204888\n\nAdds integration
tests for the prebuilt rule customization features\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] 🟢 ESS
x100:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7919\n-
[x] 🟡 Serverless
x100:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7920\n-
[x] 🟡 Serverless
x100\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7927\n\n---------\n\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"a51e96eae2904aa3488af1037d87d83beec2cd0d"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
 2025-02-25 10:43:26 +01:00
Kibana Machine
2deb11215f skip failing test suite (#211959) 2025-02-25 09:15:48 +11:00
Kibana Machine
fc920f332c
[8.18] [Security Solution] Adds prebuilt rule customization cypress tests (#212170) (#212295) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Adds prebuilt rule customization cypress tests
(#212170)](https://github.com/elastic/kibana/pull/212170)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Davis
Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-02-24T18:35:21Z","message":"[Security
Solution] Adds prebuilt rule customization cypress tests
(#212170)\n\n**Partially addresses:**
https://github.com/elastic/kibana/issues/202068\n\n## Summary\n\nAdds
tests in accordance
to\nhttps://github.com/elastic/kibana/pull/204888\n\nFollow-up to
https://github.com/elastic/kibana/pull/207016\n\nAdds cypress tests for
the prebuilt rule customization features\n\n### Checklist\n\nCheck the
PR satisfies following conditions. \n\nReviewers should verify this PR
satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] 🟢 ESS
x50:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7925\n-
[x] 🟢 Serverless
x50:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7926","sha":"ca6cc7520b09f7fd5c455cd9935d80d3f16af1fc","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution] Adds prebuilt rule customization cypress
tests","number":212170,"url":"https://github.com/elastic/kibana/pull/212170","mergeCommit":{"message":"[Security
Solution] Adds prebuilt rule customization cypress tests
(#212170)\n\n**Partially addresses:**
https://github.com/elastic/kibana/issues/202068\n\n## Summary\n\nAdds
tests in accordance
to\nhttps://github.com/elastic/kibana/pull/204888\n\nFollow-up to
https://github.com/elastic/kibana/pull/207016\n\nAdds cypress tests for
the prebuilt rule customization features\n\n### Checklist\n\nCheck the
PR satisfies following conditions. \n\nReviewers should verify this PR
satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] 🟢 ESS
x50:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7925\n-
[x] 🟢 Serverless
x50:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7926","sha":"ca6cc7520b09f7fd5c455cd9935d80d3f16af1fc"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212170","number":212170,"mergeCommit":{"message":"[Security
Solution] Adds prebuilt rule customization cypress tests
(#212170)\n\n**Partially addresses:**
https://github.com/elastic/kibana/issues/202068\n\n## Summary\n\nAdds
tests in accordance
to\nhttps://github.com/elastic/kibana/pull/204888\n\nFollow-up to
https://github.com/elastic/kibana/pull/207016\n\nAdds cypress tests for
the prebuilt rule customization features\n\n### Checklist\n\nCheck the
PR satisfies following conditions. \n\nReviewers should verify this PR
satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] 🟢 ESS
x50:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7925\n-
[x] 🟢 Serverless
x50:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7926","sha":"ca6cc7520b09f7fd5c455cd9935d80d3f16af1fc"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>
 2025-02-24 22:11:08 +00:00
Maxim Palenov
b7b034f165
[8.18] [Security Solution] Extend rule upgrade integration tests for prebuilt rule customization feature (#209260) (#212283) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Extend rule upgrade integration tests for
prebuilt rule customization feature
(#209260)](https://github.com/elastic/kibana/pull/209260)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Maxim
Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2025-02-21T11:11:44Z","message":"[Security
Solution] Extend rule upgrade integration tests for prebuilt rule
customization feature (#209260)\n\n**Addresses:**
https://github.com/elastic/kibana/issues/202078\n**Partially implements
test plan:** https://github.com/elastic/kibana/pull/205922\n\n##
Summary\n\nThis PR implements the Rule Upgrade test plan added in
https://github.com/elastic/kibana/pull/205922 and
https://github.com/elastic/kibana/pull/203331.\n\n## Details\n\nTests
cover only enabled customization and organized in a following way\n\n-
`diffable_rule_fields` folder contains per field tests. It focuses on
`DiffableRule`* fields. Each field has rule preview and upgrade
scenarios throughly covered. Assertion on stats are included in rule
preview tests to make sure the maximum coverage with reasonable
execution time. **Diffable rule fields` tests were moved to a separate
execution group to avoid exceeding execution limits.**\n-
`preview_prebuilt_rules_upgrade.ts` integration tests on
`/internal/prebuilt_rules/upgrade/_review` endpoint. It uses only `name`
and `tags` fields to minimize tests complexity. Basically it should be
considered as smoke tests.\n- `upgrade_prebuilt_rules` integrations test
on `/internal/prebuilt_rules/upgrade/_perform` endpoint. It uses only
`name` and `tags` fields to minimize tests complexity. Basically it
should be considered as smoke tests.\n\nThis PR supersedes
https://github.com/elastic/kibana/pull/205217 and
https://github.com/elastic/kibana/pull/205339.\n\n* `DiffableRule` was
added in the scope of prebuilt rules customization epic to serve rule
upgrades preview and performing upgrades. It represents slightly
reorganized rule fields to simplify prebuilt rule upgrade workflow
handling. There are utility functions transforming between
`RuleResponse` and `DiffableRule`.\n\n## Flaky test runner\n\nFlaky test
runs for 100 iterations were successful
(https://github.com/elastic/kibana/pull/209260#issuecomment-2649027038
and
https://github.com/elastic/kibana/pull/209260#issuecomment-2649627389).","sha":"4909770664a97f97bc38adc91dc852b5b1e6abf7","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution] Extend rule upgrade integration tests for prebuilt rule
customization
feature","number":209260,"url":"https://github.com/elastic/kibana/pull/209260","mergeCommit":{"message":"[Security
Solution] Extend rule upgrade integration tests for prebuilt rule
customization feature (#209260)\n\n**Addresses:**
https://github.com/elastic/kibana/issues/202078\n**Partially implements
test plan:** https://github.com/elastic/kibana/pull/205922\n\n##
Summary\n\nThis PR implements the Rule Upgrade test plan added in
https://github.com/elastic/kibana/pull/205922 and
https://github.com/elastic/kibana/pull/203331.\n\n## Details\n\nTests
cover only enabled customization and organized in a following way\n\n-
`diffable_rule_fields` folder contains per field tests. It focuses on
`DiffableRule`* fields. Each field has rule preview and upgrade
scenarios throughly covered. Assertion on stats are included in rule
preview tests to make sure the maximum coverage with reasonable
execution time. **Diffable rule fields` tests were moved to a separate
execution group to avoid exceeding execution limits.**\n-
`preview_prebuilt_rules_upgrade.ts` integration tests on
`/internal/prebuilt_rules/upgrade/_review` endpoint. It uses only `name`
and `tags` fields to minimize tests complexity. Basically it should be
considered as smoke tests.\n- `upgrade_prebuilt_rules` integrations test
on `/internal/prebuilt_rules/upgrade/_perform` endpoint. It uses only
`name` and `tags` fields to minimize tests complexity. Basically it
should be considered as smoke tests.\n\nThis PR supersedes
https://github.com/elastic/kibana/pull/205217 and
https://github.com/elastic/kibana/pull/205339.\n\n* `DiffableRule` was
added in the scope of prebuilt rules customization epic to serve rule
upgrades preview and performing upgrades. It represents slightly
reorganized rule fields to simplify prebuilt rule upgrade workflow
handling. There are utility functions transforming between
`RuleResponse` and `DiffableRule`.\n\n## Flaky test runner\n\nFlaky test
runs for 100 iterations were successful
(https://github.com/elastic/kibana/pull/209260#issuecomment-2649027038
and
https://github.com/elastic/kibana/pull/209260#issuecomment-2649627389).","sha":"4909770664a97f97bc38adc91dc852b5b1e6abf7"}},"sourceBranch":"main","suggestedTargetBranches":["8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/212045","number":212045,"state":"MERGED","mergeCommit":{"sha":"5e5989ab91c571225a3bba0fa8affd0321312aee","message":"[9.0]
[Security Solution] Extend rule upgrade integration tests for prebuilt
rule customization feature (#209260) (#212045)\n\n# Backport\n\nThis
will backport the following commits from `main` to `9.0`:\n- [[Security
Solution] Extend rule upgrade integration tests for\nprebuilt rule
customization
feature\n(#209260)](https://github.com/elastic/kibana/pull/209260)\n\n\n\n###
Questions ?\nPlease refer to the [Backport
tool\ndocumentation](https://github.com/sorenlouv/backport)\n\n\n\nCo-authored-by:
Maxim Palenov
<maxim.palenov@elastic.co>"}},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/209260","number":209260,"mergeCommit":{"message":"[Security
Solution] Extend rule upgrade integration tests for prebuilt rule
customization feature (#209260)\n\n**Addresses:**
https://github.com/elastic/kibana/issues/202078\n**Partially implements
test plan:** https://github.com/elastic/kibana/pull/205922\n\n##
Summary\n\nThis PR implements the Rule Upgrade test plan added in
https://github.com/elastic/kibana/pull/205922 and
https://github.com/elastic/kibana/pull/203331.\n\n## Details\n\nTests
cover only enabled customization and organized in a following way\n\n-
`diffable_rule_fields` folder contains per field tests. It focuses on
`DiffableRule`* fields. Each field has rule preview and upgrade
scenarios throughly covered. Assertion on stats are included in rule
preview tests to make sure the maximum coverage with reasonable
execution time. **Diffable rule fields` tests were moved to a separate
execution group to avoid exceeding execution limits.**\n-
`preview_prebuilt_rules_upgrade.ts` integration tests on
`/internal/prebuilt_rules/upgrade/_review` endpoint. It uses only `name`
and `tags` fields to minimize tests complexity. Basically it should be
considered as smoke tests.\n- `upgrade_prebuilt_rules` integrations test
on `/internal/prebuilt_rules/upgrade/_perform` endpoint. It uses only
`name` and `tags` fields to minimize tests complexity. Basically it
should be considered as smoke tests.\n\nThis PR supersedes
https://github.com/elastic/kibana/pull/205217 and
https://github.com/elastic/kibana/pull/205339.\n\n* `DiffableRule` was
added in the scope of prebuilt rules customization epic to serve rule
upgrades preview and performing upgrades. It represents slightly
reorganized rule fields to simplify prebuilt rule upgrade workflow
handling. There are utility functions transforming between
`RuleResponse` and `DiffableRule`.\n\n## Flaky test runner\n\nFlaky test
runs for 100 iterations were successful
(https://github.com/elastic/kibana/pull/209260#issuecomment-2649027038
and
https://github.com/elastic/kibana/pull/209260#issuecomment-2649627389).","sha":"4909770664a97f97bc38adc91dc852b5b1e6abf7"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
 2025-02-24 20:36:14 +01:00
Kibana Machine
29e2b6ad6a
[8.18] [Lens] Fix filter labels (#211998) (#212286) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Lens] Fix filter labels
(#211998)](https://github.com/elastic/kibana/pull/211998)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Nick
Partridge","email":"nicholas.partridge@elastic.co"},"sourceCommit":{"committedDate":"2025-02-24T17:02:48Z","message":"[Lens]
Fix filter labels (#211998)\n\nFixes issue causing filter labels to
render as `undefined`. Filter labels now display
correctly.","sha":"4a8928d5d44dc1e6363389bc0bd1f20049fa86ec","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","Team:Visualizations","release_note:skip","v9.0.0","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Lens]
Fix filter
labels","number":211998,"url":"https://github.com/elastic/kibana/pull/211998","mergeCommit":{"message":"[Lens]
Fix filter labels (#211998)\n\nFixes issue causing filter labels to
render as `undefined`. Filter labels now display
correctly.","sha":"4a8928d5d44dc1e6363389bc0bd1f20049fa86ec"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211998","number":211998,"mergeCommit":{"message":"[Lens]
Fix filter labels (#211998)\n\nFixes issue causing filter labels to
render as `undefined`. Filter labels now display
correctly.","sha":"4a8928d5d44dc1e6363389bc0bd1f20049fa86ec"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Nick Partridge <nicholas.partridge@elastic.co>
 2025-02-24 19:15:43 +00:00
Kibana Machine
e4144c431c
[8.18] [Security Solution] Adds prebuilt rule import/export integration tests (#206893) (#212192) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Adds prebuilt rule import/export integration
tests (#206893)](https://github.com/elastic/kibana/pull/206893)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Davis
Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-02-24T01:18:02Z","message":"[Security
Solution] Adds prebuilt rule import/export integration tests
(#206893)\n\n## Summary\n\nAdds integration tests in accordance
to\nhttps://github.com/elastic/kibana/pull/204889\n\nAdds on to the
existing tests we have for rule import and export to\ninclude tests
related to the prebuilt rule customization epic and the\nnew
functionality that will be shipping. All these tests are running\nbehind
the `prebuiltRulesCustomizationEnabled` feature flag.\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] ESS
x100:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7921\n-
[x] Serverless
x100:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7922\n\n---------\n\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>\nCo-authored-by: Georgii
Gorbachev
<georgii.gorbachev@elastic.co>","sha":"3e4ed6ebd58c77f555e2eb1287f70ad41ca73666","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution] Adds prebuilt rule import/export integration
tests","number":206893,"url":"https://github.com/elastic/kibana/pull/206893","mergeCommit":{"message":"[Security
Solution] Adds prebuilt rule import/export integration tests
(#206893)\n\n## Summary\n\nAdds integration tests in accordance
to\nhttps://github.com/elastic/kibana/pull/204889\n\nAdds on to the
existing tests we have for rule import and export to\ninclude tests
related to the prebuilt rule customization epic and the\nnew
functionality that will be shipping. All these tests are running\nbehind
the `prebuiltRulesCustomizationEnabled` feature flag.\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] ESS
x100:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7921\n-
[x] Serverless
x100:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7922\n\n---------\n\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>\nCo-authored-by: Georgii
Gorbachev
<georgii.gorbachev@elastic.co>","sha":"3e4ed6ebd58c77f555e2eb1287f70ad41ca73666"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/206893","number":206893,"mergeCommit":{"message":"[Security
Solution] Adds prebuilt rule import/export integration tests
(#206893)\n\n## Summary\n\nAdds integration tests in accordance
to\nhttps://github.com/elastic/kibana/pull/204889\n\nAdds on to the
existing tests we have for rule import and export to\ninclude tests
related to the prebuilt rule customization epic and the\nnew
functionality that will be shipping. All these tests are running\nbehind
the `prebuiltRulesCustomizationEnabled` feature flag.\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] ESS
x100:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7921\n-
[x] Serverless
x100:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7922\n\n---------\n\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>\nCo-authored-by: Georgii
Gorbachev
<georgii.gorbachev@elastic.co>","sha":"3e4ed6ebd58c77f555e2eb1287f70ad41ca73666"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>
 2025-02-24 03:46:43 +00:00