Commit graph

85780 commits

Author SHA1 Message Date
Catherine Liu
5dda37e53f
[Serialized State Only] Book embeddable (#218343)
## Summary

This removes runtime state from the book example embeddable.

*Note: This PR does not need to be reviewed by external teams, only
presentation team. This PR merges into a feature branch that Kibana
presentation team is working on to convert the embeddable framework to
only expose serialized state. Your team will be pinged for review once
the work is complete and the [final
PR](https://github.com/elastic/kibana/pull/217239) opens that merges the
feature branch into main*

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...
2025-04-18 17:17:33 -07:00
Nick Peihl
236fb0ce5d
[Serialized State Only] Alerts embeddable serialized state only (#218684)
_This PR does not need to be reviewed by external teams. This PR merges
into a feature branch that Kibana presentation team is working on to
convert the embeddable framework to only expose serialized state. Your
team will be pinged for review once the work is complete and the final
PR opens that merges the feature branch into main._

## Summary

Converts the Alerts embeddable table to serialized state only

This embeddable is not in use yet. Testing requires uncommenting [this
line](f1eb019b7b/x-pack/platform/plugins/shared/embeddable_alerts_table/public/plugin.ts (L36))
in the embeddable alerts table plugin.
2025-04-18 17:01:46 -04:00
Nick Peihl
55a8c7ff96
[Serialized State Only] [SLO] Convert SLO Error Budget embeddable to serialized state only (#218464)
_This PR does not need to be reviewed by external teams. This PR merges
into a feature branch that Kibana presentation team is working on to
convert the embeddable framework to only expose serialized state. Your
team will be pinged for review once the work is complete and the final
PR opens that merges the feature branch into main._

## Summary

Convert SLO Error Budget embeddable to serialized state only

## Testing this PR

Create an SLO using the "How to Test" section in the description of
[this PR](https://github.com/elastic/kibana/pull/179147).
2025-04-18 15:11:34 -04:00
Nathan Reese
6deb95d780
convert traces embeddable to serialized state only (#218667) 2025-04-18 12:17:08 -06:00
Elastic Machine
d5e57af9ab
Merge branch 'main' into embeddable-serialized-state 2025-04-18 18:48:15 +02:00
Nathan Reese
1e2d7d6859
Convert control group embeddable to serialized state only (#218370) 2025-04-18 10:45:17 -06:00
Kylie Meli
bb38af57f7
[Fleet][AI4DSOC] Adding new config to enable prerelease integrations by default (#218489)
## Summary

Introduces a new fleet config variable to be able to set the default for the
fleet setting `prerelease_integrations_enabled`.

This is to be used in the new search_ai_lake tier for the ai4dsoc
project as we want to enable pre-release versions by default.

## How to test

1. Set `xpack.fleet.prereleaseEnabledByDefault: true` in your
`kibana.dev.yml`
2. Start up elasticsearch and kibana
3. Navigate to the integrations page and the toggle to enable should be
on
<img width="750" alt="Screenshot 2025-04-16 at 3 25 50 PM"
src="https://github.com/user-attachments/assets/17d14630-94f5-4f2a-ab32-d733d0b36d48"
/>

OR

1. Add the following to `serverless.security.dev.yml`:
```
xpack.securitySolutionServerless.productTypes:
[
  { product_line: 'ai_soc', product_tier: 'search_ai_lake' },
]
```
2. Restart Kibana serverless for security
3. Navigate to the Configurations -> Integrations page
4. Click on the 'Splunk' integration and verify it loads the page
<img width="750" alt="Screenshot 2025-04-16 at 5 15 28 PM"
src="https://github.com/user-attachments/assets/ba4bf986-1b47-4703-9f33-9a0a7a437539"
/>

___ 
Relates: https://github.com/elastic/security-team/issues/11789
2025-04-18 12:18:32 -04:00
Ievgen Sorokopud
2a97766b9d
[Attack Discovery][Scheduling] Revert removed AD scheduling route registration (#218649)
## Summary

These changes revert accidentally removed attack discovery scheduling
routes registration by this PR
https://github.com/elastic/kibana/pull/218018/files#diff-fc08114e3940ca525cd8a2b7d746786ddabf8d27f8595438cdfc19371ee23831L44

Since the changes from that PR did not go into the `8.19`, we would not
need the backport to that branch.

## NOTES

The feature is hidden behind the feature flag (in `kibana.dev.yml`):

```
feature_flags.overrides:
  securitySolution.assistantAttackDiscoverySchedulingEnabled: true
```
2025-04-18 17:57:38 +02:00
christineweng
095ee417e8
[Security Solution] Replace sourcerer in analyzer (#218183)
## Summary

Replace sourcerer in analyzer to use dataview picker when
`newDataViewPickerEnabled` is on.


![image](https://github.com/user-attachments/assets/077329ce-2510-4d6f-bc55-89b6b636df4f)


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-04-18 10:09:14 -05:00
elastic-renovate-prod[bot]
b1887104c1
Update dependency @launchdarkly/node-server-sdk to ^9.8.0 (main) (#218366)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[@launchdarkly/node-server-sdk](https://redirect.github.com/launchdarkly/js-core/tree/main/packages/sdk/server-node)
([source](https://redirect.github.com/launchdarkly/js-core)) |
dependencies | minor | [`^9.7.7` ->
`^9.8.0`](https://renovatebot.com/diffs/npm/@launchdarkly%2fnode-server-sdk/9.7.7/9.8.0)
|

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: Jean-Louis Leysens <jeanlouis.leysens@elastic.co>
2025-04-18 14:21:32 +02:00
Kibana Machine
235d661809
[api-docs] 2025-04-18 Daily api_docs build (#218635)
Generated by
https://buildkite.com/elastic/kibana-api-docs-daily/builds/1046
2025-04-18 08:29:47 +02:00
Yuliia Naumenko
221c199ed1
[Search Connectors][Serverless] Add Search Connectors UI to the Stack Management data Section (#213509)
**!!MAJORITY OF THE CHANGED FILES ARE MOVED OR COPIED!!**

### Vision

According to the product vision we will build a new simple UI/UX in the
future https://github.com/elastic/security-team/issues/11790

This PR is a first iteration on enabling Content Connectors Management
UI in Serverless Kibana Stack Management.
Elastic Managed content connectors will be available only for Security
and Observability projects.
### Current PR scope

1. Used initial search_connectors plugin and renamed it to
content_connectors + moved from `x-pack/solutions/search` to
`x-pack/platform/plugins/shared`
2. Copy relevant connectors UI and routes from enterprise_search plugin.
3. Introduce the new Stack Management card/navigation option under the
Data section.
4. Enabled this plugin only in Serverless for Security and Observability
projects.
5. For making PR smaller Pipelines tab was not moved. And according to
Search team vision this functionality should be dropped anyway soon.
6. Extended fleet package logic to include elastic_connectors for
security and o11y serverless projects
7. Added back `search:agentless-connectors-manager` task

In Stack Management navigation:
<img width="2062" alt="Screenshot 2025-04-15 at 3 51 43 PM"
src="https://github.com/user-attachments/assets/5c93ba01-9a6a-4eac-a21d-1370f03b8f35"
/>

Stack Management cards:
<img width="2081" alt="Screenshot 2025-04-10 at 8 41 43 PM"
src="https://github.com/user-attachments/assets/3def1c12-561b-4a84-8241-4dd61cd9313d"
/>


Create Elastic Managed Connector UI (on Agentless):

<img width="1822" alt="Screenshot 2025-04-15 at 3 55 29 PM"
src="https://github.com/user-attachments/assets/6e9fea48-85e7-43df-919d-0e5492d0e704"
/>

Create Self Managed Connector UI:

<img width="2064" alt="Screenshot 2025-04-15 at 3 55 49 PM"
src="https://github.com/user-attachments/assets/d5051898-c8fa-4e41-b9ea-b41d4ed4a0d5"
/>

### Next steps

- [ ] Remove duplicated code between content_connectors,
enterprise_search and serverless_search
- [ ] Extract [common server
libs](https://github.com/elastic/kibana/tree/main/x-pack/solutions/search/plugins/enterprise_search/server/lib)
to the shared package `kbn-search-connectors`

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Artem Shelkovnikov <artem.shelkovnikov@elastic.co>
Co-authored-by: Artem Shelkovnikov <lavatroublebubble@gmail.com>
Co-authored-by: Kyle Pollich <kyle.pollich@elastic.co>
2025-04-18 04:50:56 +02:00
Tiago Costa
a8bdab815b
chore(NA): remove 8.16 from renovate 2025-04-18 03:35:46 +01:00
Steph Milovic
ba0894daa6
[AI4DSOC] Alert Flyout (#218018)
## Summary

Alert flyout for AI for the SOC. 
<img width="600" alt="Screenshot 2025-04-11 at 12 15 22 PM"
src="https://github.com/user-attachments/assets/fea2f7fb-7424-46b5-b9c2-5cafa336b0a9"
/>

### The flyout sections include:
- New header highlighting the integration source
<img width="596" alt="Screenshot 2025-04-11 at 12 16 00 PM"
src="https://github.com/user-attachments/assets/13033225-9e41-431f-8061-5df96a981665"
/>

- AI generated alert summary generated by button (Generate or
Regenerate). Stored in a new data stream
(`.kibana-elastic-ai-assistant-alert-summary-*`)
<img width="595" alt="Screenshot 2025-04-11 at 12 15 55 PM"
src="https://github.com/user-attachments/assets/ac835db2-2cbb-4a59-9e71-f1a9616a777f"
/>
- Anonymization toggle for the alert summary is located in the flyout
gear settings menu
<img width="270" alt="Screenshot 2025-04-11 at 12 32 45 PM"
src="https://github.com/user-attachments/assets/952936b9-571b-48e5-bd57-ecfd33855df3"
/>
- Highlighted fields
<img width="600" alt="Screenshot 2025-04-11 at 12 15 52 PM"
src="https://github.com/user-attachments/assets/3fccfab2-3e8b-4edc-adaf-3f320d9a5d20"
/>
- Attack discovery `MiniAttackChain` (currently hardcoded to a
preconfigured connector, waiting for further work from @andrew-goldstein
to hook up to actual alert related AD)
<img width="597" alt="Screenshot 2025-04-11 at 12 15 36 PM"
src="https://github.com/user-attachments/assets/d181f68d-5b77-4df4-a316-54e84d655a4c"
/>
- Conversations dropdown that shows any conversations in which this alert is
referenced
<img width="601" alt="Screenshot 2025-04-11 at 12 18 03 PM"
src="https://github.com/user-attachments/assets/71d533d3-99b4-49c4-b336-05152fd64ed4"
/>
- Suggested prompts that create a new conversation with the alert as
context (_copy pending_)
<img width="594" alt="Screenshot 2025-04-11 at 12 18 09 PM"
src="https://github.com/user-attachments/assets/bca58f5a-f05c-4cdf-a466-0926c99e0ad6"
/>
- The connector used in the alert summary generation is selected in
Stack Management > Advanced Settings > Security Solution > Default AI
Connector (_copy pending_)
<img width="1163" alt="Screenshot 2025-04-11 at 12 34 15 PM"
src="https://github.com/user-attachments/assets/d2128497-22e4-4c14-b08c-991dc8287391"
/>

### New prompts
This PR adds 2 new prompts under a new `promptGroupId.aiForSoc`:
    - `promptDictionary.alertSummarySystemPrompt`
    - `promptDictionary.alertSummary`
In order to access these prompts in the proper spots, the new find alert
summary route returns the "user" prompt
(`promptDictionary.alertSummary`). In order to get the system prompt in
place, we pass a `promptIds` object to the
`POST_ACTIONS_CONNECTOR_EXECUTE` which is appended to the main system
prompt

## Testing

This needs to be run in Serverless:
- `yarn es serverless --projectType security`
- `yarn serverless-security --no-base-path`

You also need to enable the AI for SOC tier, by adding the following to
your `serverless.security.dev.yml` file:
```
xpack.securitySolutionServerless.productTypes:
  [
    { product_line: 'ai_soc', product_tier: 'search_ai_lake' },
  ]
```

Use one of these Serverless users:
- `platform_engineer`
- `endpoint_operations_analyst`
- `endpoint_policy_manager`
- `admin`
- `system_indices_superuser`

Then:
- generate data: `yarn test:generate:serverless-dev`
- create 4 catch-all rules, each with a name of an AI for SOC integration
(`google_secops`, `microsoft_sentinel`, `sentinel_one` and
`crowdstrike`) => to do that you'll need to temporarily comment out the
`serverless.security.dev.yaml` config changes as the rules page is not
accessible in AI for SOC.
- change [this
line](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/public/detections/hooks/alert_summary/use_fetch_integrations.ts#L73)
to `installedPackages: availablePackages` to force having some packages
installed
- change [this
line](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/public/detections/hooks/alert_summary/use_integrations.ts#L63)
to `r.name === p.name` to make sure there will be matches between
integrations and rules

With this alerts data, you should be able to test each section of the
flyout _except_ the attack discovery widget, instructions for that are
below.

#### Attack discovery widget

As I am waiting for updates from Andrew, currently the attack discovery
widget looks up attack discoveries from a particular preconfigured
connector. In order to test:
1. Add preconfigured connector to your `kibana.dev.yml`:
https://p.elstc.co/paste/J2qmGMeQ#GKSPhlggX4F93aUSKJsKpsqtCcyTepCkfJOEVxlZyfB
2. Generate attack discovery with this connector
3. Open the new flyout, you will see the attack discovery widget

## Outstanding TODOs

These are all noted in the code
1. Attack discovery widget is hardcoded to the preconfigured connector
id. The widget should instead look up discoveries by alert ID, pending
work from @andrew-goldstein
2. Update copy for suggested prompts
3. Update copy for ai connector UI setting
4. Update AI connector UI setting to default to Elastic Managed LLM once
it is fully available in serverless

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: PhilippeOberti <philippe.oberti@elastic.co>
Co-authored-by: Angela Chuang <yi-chun.chuang@elastic.co>
2025-04-18 01:08:23 +00:00
Philippe Oberti
add6e303d2
[AI4DSOC] Alert summary table and flyout ai assistant (#217744)
## Summary

This PR builds on the previous
https://github.com/elastic/kibana/pull/216744 and adds the AI assistant in 2
places in the AI for SOC alert summary page:
- in each row of the alert table as a row action
- in the footer of the alert details flyout


https://github.com/user-attachments/assets/65fb10f1-c22b-4796-9109-3b7dbdba6313

To keep consistency between the alert summary and the alerts page, this
PR also removes the Chat icon button in the header of the alert details
flyout and adds an `Ask AI Assistant` button in the footer.

| Before  | After |
| ------------- | ------------- |
| ![Screenshot 2025-04-15 at 11 54
36 PM](https://github.com/user-attachments/assets/b6039081-d5b8-4bf7-ada1-af3844e17bad)
| ![Screenshot 2025-04-15 at 11 54
09 PM](https://github.com/user-attachments/assets/6833a89c-931e-4eb3-be93-4fc1e2ed96e2)
|

## How to test

This needs to be run in Serverless:
- `yarn es serverless --projectType security`
- `yarn serverless-security --no-base-path`

You also need to enable the AI for SOC tier, by adding the following to
your `serverless.security.dev.yaml` file:
```
xpack.securitySolutionServerless.productTypes:
  [
    { product_line: 'ai_soc', product_tier: 'search_ai_lake' },
  ]
```

Use one of these Serverless users:
- `platform_engineer`
- `endpoint_operations_analyst`
- `endpoint_policy_manager`
- `admin`
- `system_indices_superuser`

Then:
- generate data: `yarn test:generate:serverless-dev`
- create 4 catch-all rules, each with a name of an AI for SOC integration
(`google_secops`, `microsoft_sentinel`, `sentinel_one` and
`crowdstrike`)
- change [this
line](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/public/detections/hooks/alert_summary/use_fetch_integrations.ts#L73)
to `installedPackages: availablePackages` to force having some packages
installed
- change [this
line](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/public/detections/hooks/alert_summary/use_integrations.ts#L63)
to `r.name === p.name` to make sure there will be matches between
integrations and rules

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

https://github.com/elastic/security-team/issues/11973
2025-04-18 00:37:06 +00:00
Saikat Sarkar
da5e8cc6e9
[Onboarding] Make navigation consistent on stack (#218364)
## Summary

The navigation differs slightly between Serverless and Stack. To ensure
consistency, this PR introduces the following changes to Stack.

- `Dev Tools` has been moved to `Build` on top of Playground
- `Content` has been updated to `Data`
- `Kibana` has been renamed to `Analyze`
-  Reorder the sections in Serverless to match the order used in Stack

### Stack
<img width="1024" alt="Screenshot 2025-04-16 at 4 58 41 PM"
src="https://github.com/user-attachments/assets/6eaac498-b423-4cc3-a524-2dfd586f1b04"
/>


### Serverless 
<img width="935" alt="Screenshot 2025-04-16 at 2 21 44 PM"
src="https://github.com/user-attachments/assets/5c3a2fc4-d277-4d47-92ab-d97850b79978"
/>




### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...
2025-04-18 02:18:30 +02:00
Alexi Doak
5667c6cc43
[ResponseOps] Schema changes for ES|QL rule type improvements - adding grouping per row (#217898)
Related to https://github.com/elastic/response-ops-team/issues/201

## Summary

Schema changes for intermediate release related to this PR,
https://github.com/elastic/kibana/pull/212135.

This PR adds a new `row` option and validation for the ES query rule
`groupBy` field.


### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
2025-04-17 14:15:54 -07:00
elastic-renovate-prod[bot]
5454ce5bbd
Update docker.elastic.co/wolfi/chainguard-base-fips:latest Docker digest to 88dc781 (main) (#218590)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.elastic.co/wolfi/chainguard-base-fips | digest | `b6d3d24` ->
`88dc781` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
2025-04-17 13:42:06 -06:00
Ievgen Sorokopud
85093e5de7
[Attack Discovery][Scheduling] UI: Schedule details and editing flows (#12006) (#218572)
## Summary

Main ticket ([Internal
link](https://github.com/elastic/security-team/issues/12006))

These changes add Schedule Details and Editing workflows allowing users
to see schedule information in a separate flyout and/or update the
schedule parameters within it.

## NOTES

The feature is hidden behind the feature flag (in `kibana.dev.yml`):

```
feature_flags.overrides:
  securitySolution.assistantAttackDiscoverySchedulingEnabled: true
```

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-04-17 21:19:22 +02:00
Gabriel Landau
906c8978e7
Advanced policy opt-out for scan-on-event (#218354)
## Summary

Allow users to opt out of scan-on-event to help troubleshoot and resolve
performance issues.

## Release note

{elastic-defend} users can now opt out of event-driven Memory Protection
scanning via advanced policy.

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: Konrad Szwarc <konrad.szwarc@elastic.co>
2025-04-17 15:00:15 -04:00
Alexey Antonov
78bf949dbf
fix: [Platform:StackManagement:Kibana:Spaces] Assign roles to a space flyout announced incorrectly (#218576)
Closes: #218351

**Description**
When user clicks on assign new roles to a space button, the resulting
flyout gets announced incorrectly as "you are in a modal dialog..."
which doesn't give any context to non-sighted user.

**Changes made:**
1. added 'aria-labelledby' attribute

**Screen:**
<img width="1323" alt="image"
src="https://github.com/user-attachments/assets/63ffdcca-2139-4302-9dce-ded3a4d3b9a2"
/>
2025-04-17 21:52:56 +03:00
Philippe Oberti
a7be37e1cd
[Security Solution][Expandable flyout] minor performance improvements (#218503)
## Summary

This PR performs some very minor performance improvements to the
`expandable-flyout` package:
- prevent unnecessary re-renders by extracting styles to const
- better use of `useCallback`

No UI or behavior changes are introduced.


https://github.com/user-attachments/assets/c7f55a4e-7f98-4c18-bb22-f8b81a11e626
2025-04-17 20:07:46 +02:00
Sebastián Zaffarano
c9b3a3e27b
[Security Solution][Telemetry] Add index metadata EBT event (#218546)
## Summary



- Fix https://github.com/elastic/kibana/issues/216044
- Add a new EBT event collecting index template info
    ```typescript
    export interface IndexTemplateInfo {
      template_name: string;
      index_mode: Nullable<string>;
      datastream: boolean;
      package_name: Nullable<string>;
      managed_by: Nullable<string>;
      beat: Nullable<string>;
      is_managed: Nullable<boolean>;
      composed_of: string[];
      source_enabled: Nullable<boolean>;
      source_includes: string[];
      source_excludes: string[];
    }
    ```

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
2025-04-17 20:00:26 +02:00
Philippe Oberti
7160b360c7
[AI4DSOC] Alert summary table custom cell renderers (#217124)
## Summary

This PR builds on the previous [table setup
PR](https://github.com/elastic/kibana/pull/216744) and adds custom cell
renderers for the alert summary table:
- we show the package's icon for the Integration column (pointing to the
`kibana.alert.rule.parameters` field)
- we show an EuiBadge for the severity column (pointing to the
`kibana.alert.severity` field)

All the other fields remain unchanged.

| Before  | After |
| ------------- | ------------- |
| ![Screenshot 2025-04-15 at 3 01
01 PM](https://github.com/user-attachments/assets/047c7fd1-3da2-40fd-a0f4-792177454c00)
| ![Screenshot 2025-04-15 at 2 59
20 PM](https://github.com/user-attachments/assets/643510a7-5f12-4084-8101-4f027ea04099)
|

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

https://github.com/elastic/security-team/issues/11973
2025-04-17 19:30:05 +02:00
Nikita Indik
40a9159435
[Security Solution] Show banner to promote prebuilt rule customization in both Serverless and ESS (#218540)
**Resolves: https://github.com/elastic/kibana/issues/209000**
**Related PR: https://github.com/elastic/kibana/pull/213750**

## Summary

This PR updates the code to show a promo banner in the rules table. With
this change, this banner will be shown in both ESS (8.18+) and
Serverless. Previously it was shown only in ESS. In both ESS and
Serverless the blog link is the same – this is expected and correct.

We couldn't add a banner for Serverless earlier, because the blog post
was published on the 8.18/9.0 release day. If we would have added it
earlier, Serverless users would click on a link and get a 404 page.

Expected behaviour for both ESS and Serverless:
 - Banner is visible above the rules table
- The link leads to
https://www.elastic.co/blog/security-prebuilt-rules-editing

<img width="1006" alt="Scherm­afbeelding 2025-03-11 om 12 25 45"
src="https://github.com/user-attachments/assets/41d83db9-4bc4-433e-a7e2-c5ef1049a20c"
/>

**Changes:**
- Adds a rule management table banner to promote prebuilt rule
customization in Serverless. Previously this banner was only shown in
ESS. Banner is dismissible. Its state is stored in localStorage.
- Tweaks banner wording a bit as per docs suggestion
([comment](https://github.com/elastic/kibana/pull/213750/files#r1989313701))
2025-04-17 19:11:47 +02:00
Dzmitry Lemechko
2cc56f827b
[ftr] split x-pack discover config (#217483)
## Summary

Split `x-pack/test/functional/apps/discover/config.ts: 41.1 minutes`
into:

  - x-pack/test/functional/apps/discover/group1/config.ts
  - x-pack/test/functional/apps/discover/group2/config.ts
  - x-pack/test/functional/apps/discover/group3/config.ts
2025-04-17 13:51:17 -03:00
Lukas Olson
2f4f3cae4f
[data.search] Collect telemetry when search times out (#218187)
## Summary

Adds EBT collection when a search request times out (due to the
`search:timeout` advanced setting).

2025-04-17 09:38:06 -07:00
elastic-renovate-prod[bot]
7a5b5534f8
Update dependency @redocly/cli to ^1.34.2 (main) (#218400)
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
2025-04-17 11:46:38 -04:00
Eleonora
7de4a24a86
Change path to observability_ai_assistant_management following reloca… (#218571)
## Summary

Closes https://github.com/elastic/kibana/issues/213996

Following the merge of https://github.com/elastic/kibana/pull/218129,
observability_ai_assistant_management package was relocated. Therefore,
this PR updates its path in the `paths_labeller` file to reflect the
relocation.

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-04-17 16:41:55 +01:00
Dima Arnautov
b1958da5d1
[ML] Fix vCPU usage message in the Start deployment dialog (#218557)
## Summary

Fixes the info callout message in the “Start model deployment” dialog by
replacing the ELSER name with a generic model reference.

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-04-17 17:23:20 +02:00
Cauê Marcondes
822aef361c
[APM]Embeddable Trace Waterfall Enhancements (#217679)
For the embeddable waterfall to be successful, we want to remove
unnecessary information and be able to select which records should be
displayed.

We need to remove:
- Accordions
- Services Legend

We want to display (or hide anything that isn't):
- root,
- direct parent,
- current span or transaction (highlighted)
- up to 2 children.
- Errors will be represented with an icon in the embeddable form of the
waterfall and the badge in the regular form


https://github.com/user-attachments/assets/bf8d34d7-173c-4a1a-8ccf-2f98f43fc625

## Using the embeddable:

1: Loads standard trace waterfall (like the one on APM UI)
```
<ReactEmbeddableRenderer
    type="APM_TRACE_WATERFALL_EMBEDDABLE"
    getParentApi={() => ({
      getSerializedStateForChild: () => ({
        rawState: {
          serviceName: 'foo',
          traceId: 'e7b9d541fae0e25106291f7ac0947acd',
          entryTransactionId: '2d94d9d4fda31c18',
          rangeFrom: '2025-03-26T00:00:00.513Z',
          rangeTo: '2025-03-26T20:52:42.513Z',
          displayLimit: 5, //optional param when omitted it renders the entire waterfall
        },
      }),
    })}
    hidePanelChrome={true}
  />
```

2: Loads focused trace waterfall (some trace events are hidden and a
summary is available)
```
<ReactEmbeddableRenderer
    type="APM_TRACE_WATERFALL_EMBEDDABLE"
    getParentApi={() => ({
      getSerializedStateForChild: () => ({
        rawState: {
          traceId: 'e7b9d541fae0e25106291f7ac0947acd',
          rangeFrom: '2025-03-26T00:00:00.513Z',
          rangeTo: '2025-03-26T20:52:42.513Z',
          docId: SPAN_OR_TRANSACTION_ID
        },
      }),
    })}
    hidePanelChrome={true}
  />
```
2025-04-17 12:10:31 -03:00
Viduni Wickramarachchi
e5851e44e6
[Obs AI Assistant] Skip summarize tests (#218498)
Closes https://github.com/elastic/kibana/issues/218327

## Problem
2 tests related to the summarize function are failing. One is the API
test, the other is a functional test. Haven't found the root cause yet.
Skipping the tests in order to unblock the pipelines


### Checklist

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-04-17 10:48:15 -04:00
Eleonora
0afdd17916
Add kbn-ai-assistant folder to paths-labeller (#218547)
## Summary

Closes https://github.com/elastic/kibana/issues/213996

Add `x-pack/platform/packages/shared/kbn-ai-assistant` path to
paths-labeller which was not added in the previous PR
(https://github.com/elastic/kibana/pull/218450)


### Checklist

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-04-17 15:25:25 +01:00
Vitalii Dmyterko
3d7aac1a44
[Security Solution][Detection Engine] adds async ES|QL query (#216667)
## Summary

- addresses https://github.com/elastic/security-team/issues/11116 (list
item 2)

Introducing async query would allow us to overcome the ES request timeout for
long-running rules and queries.

Timeout for ES request is [defined in alerting
framework](https://github.com/elastic/kibana/blob/8.18/x-pack/platform/plugins/shared/alerting/server/lib/get_es_request_timeout.ts#L21)
and is the smaller value out of rule execution timeout or default ES request
timeout (which is 5m and hardcoded
[here](https://github.com/elastic/kibana/blob/8.18/x-pack/platform/plugins/shared/alerting/server/lib/get_rule_task_timeout.ts)).

If ES|QL rule performs a single long-running ES query, it can time out
after 5m due to this ES request timeout. This value can't be changed,
unlike rule execution timeout. It can be overwritten in Kibana config

```
xpack.alerting.rules.run:
  timeout: '10m'
  ruleTypeOverrides:
    - id:  'siem.esqlRule'
      timeout: '15m'
```
So, we can encounter situations when a rule fails execution after 5m due
to the ES request timeout, despite the fact it is configured with a longer timeout
of 15m.

By using async query, we can overcome this limitation and can poll async
query results until it completes or the rule times out.

More details in internal
[issue](https://github.com/elastic/sdh-security-team/issues/1224)

---------

Co-authored-by: Ryland Herrick <ryalnd@gmail.com>
2025-04-17 15:23:07 +01:00
Umberto Pepato
c44efc52f6
[ResponseOps][Alerts] Implement alerts filters form (#214982)
## Summary

Implements the alerts filters form that will be used to pre-filter the
alerts table embeddable.

<img width="1004" alt="image"
src="https://github.com/user-attachments/assets/b51ce051-40d2-42d0-a9c1-0fba3fd919af"
/>

> [!NOTE]
> I'm using the terminology "form" to distinguish this from the alert
filter _controls_ or other type of more KQL-bar-like filters. Other
alternatives that came to mind were `alerts-boolean-filters-...` or
`alerts-filters-builder`.

<details>
<summary>

## Implementation details

</summary>

### Filters expression state

I opted for a tree state representation of the form's boolean expression
to accommodate potential future requirements such as more complex
boolean expressions (negation, parenthesized subexpressions to manually
control operators precedence):

```ts
{
  operator: 'or',
  operands: [
    {
      operator: 'or',
      operands: [
        { type: 'ruleTags', value: ['tag-1'] },
        { type: 'ruleTags', value: ['tag-2'] },
        {
          operator: 'and',
          operands: [{ type: 'ruleTypes', value: ['type-1'] }, { type: 'ruleTypes', value: ['type-2'] }],
        },
      ],
    },
    { type: 'ruleTags', value: ['tag-3'] },
  ],
}
```

This state is saved in the embeddable panel state and represents the
editor form. The embeddable alerts table wrapper component will then
transform this to an actual ES query.

To simplify interactions inside the form, an intermediate equivalent
flattened state is used:

```ts
[
  { filter: { type: 'ruleTags', value: ['tag-1'] } },
  { operator: 'or' },
  { filter: { type: 'ruleTags', value: ['tag-2'] } },
  { operator: 'or' },
  { filter: { type: 'ruleTypes', value: ['type-1'] }},
  { operator: 'and' },
  { filter: { type: 'ruleTypes', value: ['type-2'] } },
  { operator: 'or' },
  { filter: { type: 'ruleTags', value: ['tag-3'] } },
]
```

### Filters model

Each filter is described by an `AlertsFilterMetadata<T>` object, where
`T` is the type of the filter value:

```tsx
export const filterMetadata: AlertsFilterMetadata<string[]> = {
  id: 'ruleTags',
  displayName: RULE_TAGS_FILTER_LABEL,
  component: AlertsFilterByRuleTags,
  // Filter-specific empty check
  isEmpty: (value?: string[]) => !value?.length,
  // Conversion to ES query DSL
  toEsQuery: (value: string[]) => {
    return {
      terms: {
        [ALERT_RULE_TAGS]: value,
      },
    };
  },
};
```

</details>

## Verification steps

1. Run Kibana with examples (`yarn start --run-examples`)
2. Create rules in different solutions with tags
3. Navigate to `/app/triggersActionsUiExample/alerts_filters_form`
4. Check that the solution selector options are coherent with the rule
types the user can access
5. Select a solution
6. Build filters expressions, checking that the rule tags and rule types
are coherent with the solution selection and the rules created
previously
7. Repeat steps 3-6 with different roles:
7.1. having access to rule types from just one solution (in this case
the solution selector shouldn't appear at all),
7.2. having access just to Observability and Stack but not Security (in
this case the solution selector shouldn't appear at all),
8. Repeat steps 3-6 in the three serverless project types:
    ```shell
    $ yarn es serverless --ssl --projectType <es|oblt|security>
    $ yarn serverless-<es|oblt|security> --ssl --run-examples
    ```
(If the authentication fails when switching between project types, use a
clean session)
8.1. ES project types should have access only to Stack rules (no
selector)
8.2. Observability project types should have access only to
Observability and Stack rules (no selector)
8.3. Security project types should have access only to Security and
Stack rules (selector shows Stack instead of Observability)

## References

Depends on #214187
Closes #213061

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Christos Nasikas <xristosnasikas@gmail.com>
2025-04-17 16:18:24 +02:00
Elastic Machine
331f37db43
Merge branch 'main' into embeddable-serialized-state
2025-04-17 15:57:45 +02:00
Jedr Blaszyk
c5ff7aa155
feat: workchat assistant list/details/edit page (#217984)
## Summary

### UI changes
- assistant UI 
  - list view
  - details view
  - modals: edit info, edit prompt, create 
- rename routes from `agents` to `assistants`

### Server changes
- Add `avatar` object to agent/assistant saved object schema
- changed schema from dynamic `strict` to `false`

### Recording 



https://github.com/user-attachments/assets/df689d87-2c0e-4e82-8dc1-46de4a9ab9d8



### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-17 15:34:08 +02:00
Gonçalo Rica Pais da Silva
821f74ea5d
[Discover][APM] Span/Transaction name titles and id subtitles for doc overview tab (#218311)
## Summary

This PR changes the Span/Transaction overview tab title to being the
Name/ID title/subtitle pair. The span/transaction name is the title,
with the id being a subdued text section. The title components for
Span/Transaction will fall back if the name field is not present to
showing just the id, or for the case of Transactions, the service name
if neither name nor id is available.

|   |  Screenshot example  |
| - | - |
| Transaction | ![Span title 4 Screenshot 2025-04-15
182149](https://github.com/user-attachments/assets/1435d5d6-b543-48ca-be9b-9fb7102d0c8a)
|
| Span | ![Span title 3 Screenshot 2025-04-15
182149](https://github.com/user-attachments/assets/be970bbf-e679-41e4-a0d8-7429e65a2559)
|




Closes #216861

## How to test

* Enable traces for discover by adding the following to
`kibana.dev.yaml`:
```yaml
discover.experimental.enabledProfiles:
  - observability-traces-data-source-profile
  - observability-traces-transaction-document-profile
  - observability-traces-span-document-profile
 ```
* Ensure you are on an Observability root profile space
* Go to Discover, use or create a Data View profiles targeting traces-* (such as remote_cluster:traces-*).
* Click on a span/transaction to expand the doc viewer
* The title should be the span title/id or the transaction title/id with the transaction title being a link.
2025-04-17 15:13:32 +02:00
Marco Liberati
e21bec3f31
[chore] Reuse bundled lodash and lodash/fp dependency (#217467)
## Summary

After #217202 and #217034 this is another attempt with `lodash` and
`lodash/fp`.

In short:
`lodash` and `lodash/fp` have a special webpack treatment as they are
imported within the shared bundle.
Now webpack is not smart enough to understand that `import camelCase
from 'lodash/camelCase';` is still pointing to `lodash` and it thinks
that `lodash/camelCase` is a different package, de-optimizing the
bundling caching system.
So I’ve tweaked the import to make it point to the shared bundle and
save a few kbs here and there
2025-04-17 14:54:25 +02:00
Paulina Shakirova
ea3dead452
Fix placeholder in monaco editor disappear when value is set (#217828)
## Summary

This PR fixes [[Bug] Setting text in the placeholder property does not
clear when value is set with onChange
action](https://github.com/elastic/kibana/issues/149882) issue.
2025-04-17 14:49:05 +02:00
Ash
499f11d54e
[Ai4Soc] Hide Siem Migrations on search_ai_lake tier (#217996)
> [!CAUTION]
> Merge after https://github.com/elastic/kibana/pull/217210


## Summary

Hides SIEM Migrations feature for `ai4soc/search_ai_lake` tier.

![Screenshot 2025-04-11 at 15 44
16](https://github.com/user-attachments/assets/fa1415e4-ffcd-4d9e-9072-6cf19b00f93e)

## How to Test

1. While on the Kibana root directory, run ES/Kibana on serverless mode
with:

```bash
yarn es serverless --kill --projectType security --kibanaUrl=http://0.0.0.0:5601
```
and on a new window
```bash
yarn serverless-security --no-base-path
```

Enable the AI for SOC tier, by adding the following to your
`serverless.security.dev.yaml` file:

```json5
xpack.securitySolutionServerless.productTypes:
  [
    { product_line: 'ai_soc', product_tier: 'search_ai_lake' },
  ]
```

2. Once Kibana is up and running log in with the `admin` role using
the role dropdown.
3. Navigate to `app/management/roles/edit`
4. Click on `Assign to space` button and assign a space to that role on
the `Assign role to spaces` flyout.
6. Expand the `Security` category and verify that `SIEM Migrations` is
not visible in the list.

2025-04-17 14:33:56 +02:00
Stratoula Kalafateli
de213f6344
[ES|QL] Selects the variables correctly when typing a ? first (#218284)
## Summary

When typing ? and there is already a value type variable should only add
the value and not the value with ? (because it will result in 2
question marks)


![meow](https://github.com/user-attachments/assets/08b4d66e-dc48-4066-af3e-a5574365bca5)


### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
2025-04-17 14:12:39 +02:00
Francesco Fagnani
ec939b6718
[Synthetics] Changed embeddable view when only one monitor in one location is selected (#218402)
This PR closes #208981 by adding a new action to the Monitor card to
view only that monitor in the dashboard.



https://github.com/user-attachments/assets/f500d220-b57f-4c43-a632-b2383e33988e

---------

Co-authored-by: Shahzad <shahzad31comp@gmail.com>
2025-04-17 14:03:40 +02:00
Anton Dosov
431116a33a
Fix tagging listing integration test (#218431)
## Summary

close https://github.com/elastic/kibana/issues/211256
close https://github.com/elastic/kibana/issues/144057
close https://github.com/elastic/kibana/issues/195623
close https://github.com/elastic/kibana/issues/212262
close https://github.com/elastic/kibana/issues/211575
close https://github.com/elastic/kibana/issues/144058
2025-04-17 13:56:18 +02:00
Gerard Soldevila
cf94c2fe0f
SKA: Relocate ai assistant management (#218129)
## Summary

Pre-requisite for https://github.com/elastic/kibana/pull/216088, as the
`AI Assistant Management` configuration settings should be available for
Search too.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-04-17 13:55:02 +02:00
Dario Gieselaar
ead7426c6d
[Profiler] Make sure grep pattern includes all node processes (#218430)
previously we only matched processes that looked like:
`000 node scripts/`

but we should actually match:

`000 /.../node/v20.18.2/bin/node scripts/`
2025-04-17 13:30:49 +02:00
Mykola Harmash
35407c9240
[Oblt Onboarding][K8S OTel] Override docker image in values.yml for serverless (#218527)
The current `values.yml` on serverless uses
`docker.elastic.co/beats/elastic-agent:9.0.0` which doesn't exist. [The
actual fix](https://github.com/elastic/elastic-agent/pull/7882) will be
in v9.0.1 but in the meantime we have to do a workaround on the Kibana
side and override the broken value in the code snippet.

![CleanShot 2025-04-17 at 09 25
18@2x](https://github.com/user-attachments/assets/134af691-0417-4a46-86d7-1efbac75f02a)
2025-04-17 12:17:53 +02:00
Elena Stoeva
5ce6ce575f
[Console] Fix test for opening documentation (#218318)
Fixes https://github.com/elastic/kibana/issues/218255

## Summary

This PR fixes the Console tests for opening documentation which were
failing because the doc link
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html
is now redirecting to
https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-search.
2025-04-17 10:28:01 +01:00
Alejandro García Parrondo
41ccdb70da
[Discover] Stop keydown event propagation when unified doc tabs are focused (#218131) (#218300)
## Summary

When a tab was focused and the right or left arrow keys were used it was
changing the focused tab and the selected document, it should only
change the selected tab.

Fixes https://github.com/elastic/kibana/issues/218131


![chrome-capture-2025-4-15](https://github.com/user-attachments/assets/052313e1-aa1e-4d60-9b48-2a22f9b0d90b)

2025-04-17 11:02:50 +02:00
Eleonora
4b4268dcda
Add missing paths for observability ai assistant to paths-labeller (#218450)
## Summary
Closes https://github.com/elastic/kibana/issues/213996

Add missing observability ai assistant paths to the
`ci:project-deploy-observability` section of the `paths-labeller.yml`
file.

### Checklist

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-04-17 10:00:15 +01:00