## Summary
This PR creates a default data view `default:all-data` with index
pattern `*` during the startup of the `serverless_search` plugin.
## Screen Recording
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Following the initial work in
https://github.com/elastic/kibana/pull/166755:
- Addresses part of https://github.com/elastic/kibana/issues/151902 for
rule execution logic
- Moved the utility files associated with rule execution logic to the
new directory `security_solution_api_integration`. Files not actively
used in the previous folder were moved, while duplicate files remained
in their original positions.
- Updated the CodeOwner file for the newly moved tests
- Old/new group details, decisions, and execution time are mentioned in
this [document](https://docs.google.com/document/d/1CRFfDWMzw3ob03euWIvT4-IoiLXjoiPWI8mTBqP4Zks/edit)
- Added new `Alert` archive for version `8.8.0`
- Resolved the issue with the `query.ts` test where the execution logic
is executed last, encompassing the "query" test because it was unloading
the alerts document and led to failures in subsequent tests.
- For `Alert As Data` in **Serverless**, the alert ancestor will be a
data stream; however, in **ESS** it will be
`.internal.alerts-security.alerts-default-000001`
| Action | File | New Path if moved |
|--------|------|-------------------|
| Delete | security_and_spaces/rule_execution_logic | - |
| Delete | security_and_spaces/group5 | - |
| Move | detection_engine_api_integration/security_and_spaces/group5 | detections_response/default_license/rule_execution_logic/keyword_family |
| Move | detection_engine_api_integration/security_and_spaces/rule_execution_logic | detections_response/default_license/rule_execution_logic/execution_logic |
| Move | detection_engine_api_integration/security_and_spaces/group1/ignore_fields | detections_response/default_license/rule_execution_logic/ignore_fields.ts |
| Move | detection_engine_api_integration/security_and_spaces/group1/runtime | detections_response/default_license/rule_execution_logic/runtime.ts |
| Move | detection_engine_api_integration/security_and_spaces/group1/timestamps | detections_response/default_license/rule_execution_logic/timestamps.ts |
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Part of https://github.com/elastic/kibana/issues/170421
### 1. Introduce the `http.staticAssets` service
It can be used to generate hrefs to Kibana's static assets in a
CDN-friendly way (based on the CDN URL if defined in the config, and on
Kibana's basePath otherwise).
The service is exposed both on the browser and server-side.
For now a single API is exposed: `getPluginAssetHref`
```ts
// returns "/plugins/{pluginId}/assets/some_folder/asset.png" when CDN isn't configured
core.http.staticAssets.getPluginAssetHref('some_folder/asset.png');
```
### 2. Plug it on some of the `home` plugin assets
Adapt the sample data sets and tutorial schemas to use the service for
links to the associated assets
## How to test
#### 1. Edit `/etc/hosts`
Add the line `127.0.0.1 local.cdn`
#### 2. Edit `kibana.yaml`
Add `server.cdn.url: "http://local.cdn:5601"`
#### 3. Boot kibana and navigate to sample data set installation
(if started in dev mode, use `--no-base-path`)
Confirm that the sample data set presentation images are pointing to the
CDN url and properly displayed:
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
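The href rule described for `http.staticAssets` above, as an added illustration that is not Kibana's own implementation: the CDN URL wins when `server.cdn.url` is configured, otherwise the basePath is used. The `pluginId` argument, the config shape and the asset-path check are assumptions made for this example.

```typescript
// Added example: a hypothetical re-implementation of the href rule the PR
// describes for getPluginAssetHref. It is not Kibana's code.

interface StaticAssetsConfig {
  cdnUrl?: string;  // server.cdn.url, e.g. "http://local.cdn:5601"; undefined when no CDN
  basePath: string; // Kibana's basePath, e.g. "" (dev mode with --no-base-path) or "/kbn"
}

// Reject asset paths that could escape the plugin's asset folder or smuggle in a URL:
// absolute URLs, leading slashes (incl. protocol-relative "//host") and ".." segments.
function isSafeAssetPath(assetPath: string): boolean {
  if (assetPath.length === 0) return false;
  if (/^[a-z][a-z0-9+.-]*:/i.test(assetPath)) return false;
  if (assetPath.startsWith('/') || assetPath.startsWith('\\')) return false;
  return assetPath.split(/[\\/]/).every((seg) => seg !== '..' && seg !== '');
}

function trimTrailingSlash(s: string): string {
  return s.replace(/\/+$/, '');
}

// Builds "<prefix>/plugins/<pluginId>/assets/<assetPath>", where prefix is the
// CDN URL when configured and the basePath otherwise.
function getPluginAssetHref(cfg: StaticAssetsConfig, pluginId: string, assetPath: string): string {
  if (!isSafeAssetPath(assetPath)) {
    throw new Error(`invalid asset path: ${assetPath}`);
  }
  const prefix = cfg.cdnUrl ? trimTrailingSlash(cfg.cdnUrl) : trimTrailingSlash(cfg.basePath);
  return `${prefix}/plugins/${pluginId}/assets/${assetPath}`;
}

// Usage mirroring the manual test in the PR: no CDN vs. server.cdn.url set.
const noCdnHref = getPluginAssetHref({ basePath: '' }, 'home', 'some_folder/asset.png');
const cdnHref = getPluginAssetHref(
  { cdnUrl: 'http://local.cdn:5601', basePath: '' },
  'home',
  'some_folder/asset.png'
);
console.log(noCdnHref, cdnHref);
```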
Closes - https://github.com/elastic/kibana/issues/170133
## Summary
This PR adds support for generating logs using the Synthtrace Client.
Changes include:
1. Changes to Synthtrace package to support new Logs Client and Log
Class for helper methods
2. [Stateful Tests] - Change to our FTR Context config to inject the new
Log Synthtrace Client
3. [Serverless Tests] - Injected Synthtrace as a service for serverless
tests.
4. A sample test added to `app.ts` to demonstrate how Synthtrace can be
used to generate Log data in both Stateful and Serverless
5. Add support to generate logs via CLI. 2 scenarios added -
`simple_logs.ts` and `logs_and_metrics.ts`
```sh
# Live Data
node scripts/synthtrace simple_logs.ts --clean --live
# Static Data
node scripts/synthtrace simple_logs.ts --clean
```
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Tiago Costa <tiago.costa@elastic.co>
Co-authored-by: Yngrid Coello <yngrdyn@gmail.com>
Per https://github.com/elastic/security-team/issues/7803, the security
solution team would like to increase the timeout for the threat
indicator match rule to 10 minutes. They're experiencing timeouts with
the 1 minute circuit breaker and are comfortable with the trade-offs
this will have.
## Summary
Fixes #166851
It uses the Lens Visualisation to show the preview chart.
## ⚙️ TBD
- Equation ✅
- Better loading and empty state handling ✅
- Add timestamp + the bucket size ✅
- Add more space to the Y-axis to see the Threshold line ✅
- Add more time range when the rule time range is small ✅
## 🧪 Covered and tested use cases
### Adding lookback time and making the Lens interval the rule time
size
### No data
### No data (out of time range)
### Data with above threshold
### Data within between threshold
### Data with below threshold
### Data within not in between threshold
### Data with query filter
### Data with Doc count + filter
### Data with Doc count without filter
### Data with group by
### Data with cardinality
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fix https://github.com/elastic/kibana/issues/154421
Using the component suggested by EUI team effectively makes the icon
focusable with the keyboard.
I verified that the tooltip appears automatically when focusing it.
Most transform API routes were set up in a single file; this PR splits
up the routes into individual files.
No inner logic of any route changed; just some types and constants were
also moved around and a bit improved as part of the refactor.
## Summary
During a quick glance to see if the unified fields table/list usage in
timeline was introducing any performance issues, I noticed 2 small
issues that I wanted to fix separately. The first is that the ids generated
on the front end and used for different aria-* attributes are not stable
like they should be, and instead change every render. Now they are
generated only once when the node appears on screen, more in line with
how MDN says they should be used.
Before:

After:

Another component that was needlessly re-rendering on every single
security app redux store change was the alert_context_menu, because the
"selectors" used to get the global/timeline queries for refetching data
in the different context menu actions were not really selectors at all,
and would instead return a new object every single time. This removes
the react-redux connect method in favor of hooks, and makes the
not-really-a-selector function not change constantly. A lot of our reselect
usage should be overhauled and verified for correctness at some point, but
this is a small improvement. In the gifs above, each mouse movement
fires an event that changes a value in the analyzer part of the store
that tracks mouse position, and the alert context menu component,
including in the underlying alerts table cells if a user is on that
page, would re-render on every single 'onmousemove' event; after this PR
it no longer does.
This refactors the route handler of the log rate analysis API endpoint.
So far this route handler contained a lot of logic and was growing past
900+ lines with every new feature we worked on. This PR changes it so
the route handler can walk through the analysis steps on a higher level.
`define_route.ts:defineRoute()` is the outermost wrapper that's used to
define the route and its versions. It calls
`route_handler_factory:routeHandlerFactory()` for each version.
The route handler sets up
`response_stream_factory:responseStreamFactory()` to create the response
stream and then walks through the steps of the analysis.
The response stream factory acts as a wrapper to set up the stream
itself, the stream state (for example to set if it's running etc.), some
custom actions on the stream as well as analysis handlers that fetch
data from ES and pass it on to the stream.
## 🍒 Summary
This is a PR for #169728; it refactors the transforms to use an enrich
policy to inject fields from the SLO definition in the ingest pipeline
for both the SLI and summary indices. I also added the `event.ingested`
field to the SLI data to see how that would work with the summary
transform.
### 🐰 Prerequisites
https://github.com/elastic/elasticsearch/pull/101682
Fixes #169956
Fixes #166687
Fixes #166955
Fixes #169728
---------
Co-authored-by: Kevin Delemme <kevin.delemme@elastic.co>
## Summary
Resolves: https://github.com/elastic/kibana/issues/171036
Fixes a bug where the schema name for the conditional action filter
`$state` was incorrectly named. This prevented the user from adding
filters to conditional actions as the schema validation would reject the
request.
### To verify the fix:
1. Create a rule
2. Add a conditional action
3. Assert that filters can be added to the rule
4. Rule is saved
5. Repeat 1 - 4 but this time, update the rule.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR is part of Quick Wins.
This PR updates the message on the Confirm Agent Enrollment sections for CSP
integrations.
When adding integrations for CSP, instead of getting 'Listening for
agent...', the user will see 'Listening for agent... this can take several
minutes'.
CSP:
Non-CSP:
## Summary
This PR refactors the export type classes into their own packages to be
then instantiated in the reporting plugin. This will reduce bloat in the
central reporting plugin.
**Main packages**
- `kbn/reporting-export-types-{png,pdf,csv}` are server packages with
export type declarations
- `kbn/reporting-export-types-{png,pdf,csv}-common` are shared common
packages with type declarations and constants
**Other changes**
- Remove `reporting.getScreenshots()`
- Remove duplicated `schema_utils.ts`
- Consolidate `JOB_STATUS` declaration as an enum
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Timothy Sullivan <tsullivan@elastic.co>
This PR enhances Fleet's `getAllAgents` service by adding the capability
to pass aggregation parameters. With this improvement, we can eliminate
the need for the search strategy, which was originally used solely for
this purpose. Instead, we can rely on the mentioned Fleet service for
aggregation.
Furthermore, we have now restricted the selection of agents to those
that are online, and we have excluded `status: offline` from the
aggregation of policies and platforms in the search box.
Closes https://github.com/elastic/security-team/issues/7860
Closes https://github.com/elastic/kibana/issues/166034
## Summary
The ML inference pipelines setting will now default to true. Note the
value comes from Elasticsearch, so this object is most likely ignored.

## Summary
While running the Snapshot restore test locally, I noticed that
sometimes it fails because the created test snapshot is still loading at
the time the web driver tries to click the "Restore" button, so I'm
increasing the sleep time a bit to make sure we allow enough time for
the snapshot to be ready and to future-proof the test against flakiness.
Flaky test runner build:
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/3982