## Summary
- Adds an additional authz check to the execution of SentinelOne
sub-actions to ensure the user has the `all` privilege to "Actions and
Connectors"
## Summary
This PR implements many small refactors in the Timeline UI. I have
listed all the changes below which can help you while you are desk
testing.
### EQL Bar
### Timeline Title Bar / Bottom Bar
Below screenshots show how timeline bottom bar has changed. Things to
note:
- Favorite button is now just an icon with the title. User can simply
click on it to favorite/un-favorite a timeline
Below screenshots show how timeline title bar has changed. Things to
note:
- A new timeline action menu has been added to the right of the timeline title
bar.
- All actions such as create a new timeline, a new timeline template,
adding timeline to case, etc. can be performed from here.
- On the left side of the Timeline Header below are the changes.
- Timeline Title is no longer a button/link, so timeline cannot be
closed by clicking on that.
- ⊕ action menu is no longer available and corresponding actions are
available in above screenshots.
### Timeline Header Panel
Below timeline header panel has been completely removed.

### Changes on how Data provider works
1. Data provider is by-default hidden in normal timeline but visible in
template timeline.
2. Data provider can be toggled by the user on-demand.
3. Data Provider will automatically become visible if user wants to put
a data grid column value in data provider and starts dragging it. The
video below shows how that interaction works.
### KPI
This PR also changes how KPIs are visible in empty and populated state.
KPI bar has been completely removed till this issue resolves:
https://github.com/elastic/kibana/issues/171569
### Query Bar
In contrast to current layout of the query bar, DataView picker, Query
bar and Date Picker have been brought in the same line. This was done in
an effort to make it uniform in looks w.r.t. the global query bar.
---------------
#### Before

--------------
#### After
All the highlighted components are in the same line now + A button to
toggle Data Provider (as explained in Data Provider/QueryBuilder
Section) has also been added.

### Spacing Uniformity
In the existing version of timeline, spacing is different at many
places. This PR aims to bring some uniformity to those spacing decisions
(primarily in EQL and Query Tab). The changes are very minor visually,
please feel free to find and report any discrepancies.
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
In this PR, I'm relocating all Kibana Security types (along with a few
schemas necessary for some of these types, unfortunately) that are part
of public contracts to separate packages. This change will enable any
plugin to utilize Security APIs via "static" or
["runtime"](https://github.com/elastic/kibana/pull/167113) dependencies,
regardless of whether Kibana Security already relies on these plugins or
not.
__NOTE TO REVIEWERS:__ I tried to minimize changes as much as I could
via moving only necessary types. I also didn't move deprecated parts of
the Setup/Start contracts to these new packages.
__Triggered by:__ https://github.com/elastic/kibana/pull/168910
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Some post-build steps are failing because sometimes we're outgrowing the
buildkite metadata limits.
This PR will prevent upload of a text block too big, instead it will try
to gesture towards the build for more info.
https://github.com/elastic/kibana/issues/167666
PR adds table sorting. In picture below, table is sorted by request time
PR adds search bar. Screen shot below shows status filter popover
Then, once search selections are made, the search bar filters the health
bar and table. In the screen shot below, the table only displays remote1
because it's the only cluster that matches the status.
### test instructions
1. Follow CCS setup instructions from
https://github.com/elastic/kibana/issues/164350.
2. Open discover
3. Open inspector "clusters and shards" tab. Try sorting table and using
search bar to narrow clusters
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR updates the alert preview in Create rule -> Rule preview to use
the new expandable alert flyout:
- Switched timeline wrapper to be visible on create rule page. This
allows us to keep all the timeline navigation in the new expandable
alert flyout
- Disabled alert specific components, when flyout is open in create
rule:
- Alert status is not shown
- Rule summary preview is disabled
- Title link to rule details page is removed
- Exclude filter in/filter out hover actions in highlighted fields
- New placeholder text for investigation guide and response: we should
not show link to documentation when user is setting up a rule
With feature flag on:
**How to test**
- Add `xpack.securitySolution.enableExperimental:
['expandableFlyoutInCreateRuleEnabled' ]` to `kibana.yml.dev`
- Go to Rules page -> Detection rules (SIEM) => Create rule
- Pick a rule type and populate the query, click `Continue`
- On the right hand side, click `Refresh`, some alerts should appear in
the table
- Click expand on a row
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Nikita Indik <nikita.indik@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Adding Usage Telemetry for Detection Rules & Security Lists Tasks
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Pete Hampton <peter.hampton@elastic.co>
Co-authored-by: Pete Hampton <pjhampton@users.noreply.github.com>
## Summary
Makes the PIT finder more consistent by ignoring empty first page and
not yielding it (as this is also what is done for other pages)
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fixes #169907
This PR cleans the ES|QL statement from DROP commands before sending it
over for the date histogram chart in Lens.
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
Closes https://github.com/elastic/kibana/issues/164305
## Summary
This PR adds two `uiCounters` to keep track of when something is clicked
in the new Links panel:
1. `dashboardLink:click` - counts when a dashboard link is clicked
2. `externalLink:click` - counts when an external link is clicked
These counters can be tracked via the `kibana-ui-counters` data view on
the telemetry clusters, like so:

Note that this **only** applies if the `onClick` method is called; if
the user, for example, right clicks on the link and selects "Open in new
tab" instead, this "click" will not be tracked. To my knowledge, there
is no way to track these types of clicks.
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Resolves https://github.com/elastic/kibana/issues/168959
## Summary
Hard-coding a list of experimental (RFC stage 2) ECS fields to exclude
from the ECS component template. These are only the fields that are not
currently defined in `ecs_flat.yml`. The only existing field that is
excluded is `faas.trigger` which, if included, will cause a mapping
conflict exception because of an ECS mapping change from `nested` to
`object`.
## To Verify
Compare the mappings for the `.alerts-ecs-mappings` component template
between `main` and this branch and notice that the `faas.trigger` field
is excluded from the component template on this branch.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Fixes #167767
## Summary
I added information about whether the custom field is required or not.
Additionally, I followed @mdefazio's comment and changed how we display
these to use an `EuiBadge` instead. The color is custom.
Fixes #170048
## Summary
This PR adds support in the `UI` for the `custom_details` and links
attributes in the Pagerduty connector.
### Release Notes
PagerDuty connector now supports the links and custom_details
attributes.
## Summary
Allows searching on the ES|QL reference markdown. This means that now
the search will return more results. Examples:
- If I search for keep it will return all the occurrences of the word
keep so the user will see the keep command but also all the other
commands that the keep word is used in the examples. I think that this
is very useful as the user can see more than 1 example of a command
- If I search for date it will return not only the commands that have
the word date but also the commands that allow date in their arguments
- As now it searches also to the description it can also return false
positive results. I think it is an accepted drawback.
Note: I am not allowing this for Lens formulas. I introduced a new
property to disable it. The implementation works for formulas too but we
haven't received any negative feedback so far so I would like to test it
in the ES|QL reference first.
### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Closes #171843
## Summary
This PR fixes not showing the threshold line in the following case:
## Summary
- Added vertical scroll to the column selection popover
- Changed the fixed width of some columns in the cases table
## Summary
Several improvements to tracing and logging in Fleet setup to find root
cause of problems:
- Add a trace transaction to ensure Fleet setup calls on Kibana start up
are traced
- Add specific spans around each step of setup preconfiguration to more
easily correlate errors to the process
- Capture errors in APM errors
- Add stack traces to error logs during package installation to better
identify the cause of the error
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This adds a new "Universal Profiling" tab to asset details with a
flamegraph for a selected host. The tab is behind a feature flag and is
disabled by default. It will be enabled by default for cloud/onprem
once we implement Profiling empty state, serverless is tbd.
* Added two new endpoints for fetching profiling status (not used by the
FE yet) and flamegraph data.
* Added a `profilingEnabled` feature flag
* Added a new tab in the UI and integrated the Flamegraph embeddable

## How to test
* Connect local kibana to oblt cluster that has Profiling configured
(e.g. edge)
* Add this to your dev `kibana.yml`
```
xpack.profiling.enabled: true
xpack.infra.profilingEnabled: true
# Direct ES URL on the oblt cluster that you're using, in case of edge it's https://edge-oblt.es.us-west2.gcp.elastic-cloud.com:443
xpack.profiling.elasticsearch.hosts: REMOTE_CLUSTER_ES_URL
# If needed create a new user on the remote oblt cluster
xpack.profiling.elasticsearch.username: REMOTE_CLUSTER_USER
xpack.profiling.elasticsearch.password: REMOTE_CLUSTER_PASSWORD
```
* Open kibana, go to Hosts
* Open a flyout for one of the hosts and make sure you see the Profiling
tab with a flamegraph
* Open Host details as a full page and also make sure you see the new
tab
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Moves the categorize field uiAction trigger and action and related items
to the AIOps/ML uiActions package.
ML and AIOps are adding more and more uiActions, and so it's nicer to
have them all in one package.
Also cleans up the registration of the uiActions in the AIOps plugin
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
These tests rely on using browser performance timings to extract URLs
used when resolving ML job IDs to check if the right format is used and
updated when migrating to the new format.
Because this change is transparent to the user there isn't any way to
test the behaviour through UI elements and due to the structure of the
state management it's not straightforward to test it in isolation.
https://github.com/elastic/kibana/issues/171913 has been opened to
refactor the state management which should allow for these tests to be
updated and re-enabled.
## Summary
Fix https://github.com/elastic/kibana/issues/54368
Add support for hot reloading the Kibana server's TLS configuration,
using the same `SIGHUP`-based reload signal, as already implemented for
other parts of the Kibana configuration (e.g. `logging`)
**Note:**
- hot reloading is only supported for the server TLS configuration
(`server.ssl`), not for the whole `server.*` config prefix
- swapping the certificate files (without modifying the kibana config
itself) is supported
- it is not possible to toggle TLS (enabling or disabling) without
restarting Kibana
- hot reloading requires forcing the process to reload its
configuration by sending a `SIGHUP` signal
### Example / how to test
#### Before
```yaml
server.ssl.enabled: true
server.ssl.certificate: /path-to-kibana/packages/kbn-dev-utils/certs/kibana.crt
server.ssl.key: /path-to-kibana/packages/kbn-dev-utils/certs/kibana.key
```
#### Changing the config
```yaml
server.ssl.enabled: true
server.ssl.certificate: /path-to-kibana/packages/kbn-dev-utils/certs/elasticsearch.crt
server.ssl.key: /path-to-kibana/packages/kbn-dev-utils/certs/elasticsearch.key
```
```bash
kill -SIGHUP {KIBANA_PID}
```
#### After
## Release notes
It is now possible to hot reload Kibana's TLS (`server.ssl`)
configuration by updating it and then sending a `SIGHUP` signal to the
Kibana process.
Note that TLS cannot be toggled (disabled/enabled) that way, and that
hot reload only works for the TLS configuration, not other properties of
the `server` config prefix.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
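A pre-flight and verification wrapper for the `server.ssl` certificate swap described above, as an added example that is not part of the original PR or of Kibana's code: it refuses to send `SIGHUP` when the key does not belong to the certificate, then confirms the listener serves the new certificate. It assumes `openssl` is installed and TLS is already enabled; the function names and the endpoint and PID arguments are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not Kibana code). Usage: script CERT KEY HOST:PORT KIBANA_PID
# Assumes openssl is on PATH and CERT/KEY are the PEM files server.ssl points at.

# SHA-256 fingerprint of a PEM certificate file.
cert_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds only if the private key and the certificate share a public key.
key_matches_cert() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# Fingerprint of the certificate the listener at HOST:PORT currently serves.
served_fp() {
  openssl s_client -connect "$1" </dev/null 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# rotate_and_verify CERT KEY HOST:PORT PID
# Checks the pair first, signals the process, then polls for the new certificate.
rotate_and_verify() {
  local cert="$1" key="$2" endpoint="$3" pid="$4" want i
  if ! key_matches_cert "$cert" "$key"; then
    echo "key does not match certificate, not sending SIGHUP" >&2
    return 1
  fi
  want=$(cert_fp "$cert")
  kill -HUP "$pid" || return 1
  for i in 1 2 3 4 5 6 7 8 9 10; do
    if [ "$(served_fp "$endpoint")" = "$want" ]; then
      return 0
    fi
    sleep 1
  done
  echo "listener still serves a different certificate" >&2
  return 1
}

if [ "$#" -eq 4 ]; then
  rotate_and_verify "$@"
fi
```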