Commit graph

954 commits

Author SHA1 Message Date
Mason Herron
4f32ae6a0e
[Fleet] Make YML editor expandable on package policy configuration (#218847)
## Summary

Closes #193387 

- Adds expand functionality when editing the YML on a package policy.


https://github.com/user-attachments/assets/f2541766-8d4f-4a11-a117-fc8e7722827e

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

N/A

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-24 19:59:46 +02:00
Garrett Spong
e57663a0cf
[Security Assistant] Adds BuildKite pipeline for running Security GenAI Evaluations weekly (#215254)
## Summary

Introduces a new `security_solution/gen_ai_evals.yml` BuildKite pipeline
for automatically running our Assistant and Attack Discovery evaluation
suites weekly.

### To Run Locally:
Ensure you are authenticated with vault for LLM + LangSmith creds:

> See [internal
docs](https://github.com/elastic/infra/blob/master/docs/vault/README.md#login-with-your-okta)
for setup/login instructions.

Fetch Connectors and LangSmith creds:

> [!NOTE]
> In discussion with @elastic/kibana-operations it was preferred to use
the ci-prod secrets vault, so we cannot self-manage the secrets. To test
this locally though, you can grab the secrets and follow the
instructions in this [paste
bin](https://p.elstc.co/paste/q7k+zYOc#PN0kasw11u2J0XWC2Ls5PMNWreKzKTpgWA1wtsPzeH+).

```
cd x-pack/test/security_solution_api_integration
node scripts/genai/vault/retrieve_secrets.js  
```


Navigate to api integration directory, load the env vars, and start
server:
```
cd x-pack/test/security_solution_api_integration
export KIBANA_SECURITY_TESTING_AI_CONNECTORS=$(base64 -w 0 < scripts/genai/vault/connector_config.json) && export KIBANA_SECURITY_TESTING_LANGSMITH_KEY=$(base64 -w 0 < scripts/genai/vault/langsmith_key.txt)
yarn genai_evals:server:ess
```

Then in another terminal, load vars and run the tests:
```
cd x-pack/test/security_solution_api_integration
export KIBANA_SECURITY_TESTING_AI_CONNECTORS=$(base64 -w 0 < scripts/genai/vault/connector_config.json) && export KIBANA_SECURITY_TESTING_LANGSMITH_KEY=$(base64 -w 0 < scripts/genai/vault/langsmith_key.txt)
yarn genai_evals:runner:ess
```

### To manually run on BuildKite:
Navigate to
[BuildKite](https://buildkite.com/elastic?filter=ftr-security-solution-gen-ai-evaluations)
and run `ftr-security-solution-gen-ai-evaluations` pipeline.

### To manually run on BuildKite for specific PR:
In `.buildkite/ftr_security_stateful_configs.yml`, temporarily move the
`genai/evaluations/trial_license_complete_tier/configs/ess.config.ts`
line down to the `enabled` section. Will see if we can do this without
requiring a commit. @elastic/kibana-operations is it possible to set a
buildkite env var that can be read in FTR tests when a specific GitHub
label is added to the PR? I.e. can I create a `SecurityGenAI:Run Evals`
label that when added will run this suite as part of the build?

> [!NOTE]
> Currently the connectors secrets only include `gpt-4o` and
`gpt-4o-mini`. Waiting on finalized list w/ credentials from @jamesspi
and @peluja1012 and then we can have ops update using the scripts
included in this PR.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Patryk Kopycinski <patryk.kopycinski@elastic.co>
2025-04-24 11:46:57 -06:00
Lene Gadewoll
d2d27658f3
Upgrade EUI to v101.4.0 (#218778)
`101.3.0` → `101.4.0`

[Questions? Please see our Kibana upgrade
FAQ.](https://github.com/elastic/eui/blob/main/wiki/eui-team-processes/upgrading-kibana.md#faq-for-kibana-teams)

## Changes

This PR only updates tests and snapshots related to changes on EUI side:
- updated `aria-current="true"` to `aria-current="page"`
- updated icon usage `userAvatar` to `user`

## Package updates

### `@elastic/eui`

#### [`v101.4.0`](https://github.com/elastic/eui/releases/v101.4.0)

- Spread `labelProps` to the `label` element in `EuiCheckableCard`
([#8586](https://github.com/elastic/eui/pull/8586))
- Add `controls`, `flask`, `comment`, and `readOnly` glyphs to `EuiIcon`
([#8580](https://github.com/elastic/eui/pull/8580))
- Refactored `EuiExpression`, `EuiFacetGroup`, `EuiFacetButton`,
`EuiFilterGroup`, `EuiHeader`, `EuiImage` and `EuiListGroup` to memoize
their internal Emotion styles
([#8565](https://github.com/elastic/eui/pull/8565))
- Updated global `border.radius.medium` token value for default
`Borealis` theme to `4px`
([#8563](https://github.com/elastic/eui/pull/8563))
- Updated `EuiProvider` to build themes including `highContrastMode`
([#8558](https://github.com/elastic/eui/pull/8558))

**Accessibility**

- Removed the `aria-label` attribute from the `ul` element in
`EuiPagination` to avoid duplicate screen reader output
([#8597](https://github.com/elastic/eui/pull/8597))
- Set a more specific `aria-current="page"` on list items in
`EuiPagination` ([#8597](https://github.com/elastic/eui/pull/8597))
- Added `aria-modal` to `EuiFlyout` with `type="overlay"`
([#8591](https://github.com/elastic/eui/pull/8591))

**Dependency updates**

- Updated `@elastic/prismjs-esql` to v1.1.0
([#8587](https://github.com/elastic/eui/pull/8587))

### `@elastic/eui-theme-borealis@0.2.0`

- Updated component tokens to use `computed` values to ensure correct
inheritance from theme overrides
([#8558](https://github.com/elastic/eui/pull/8558))
- Added `overrides.HCM` to `euiThemeBorealis` to support theme internal
overrides ([#8558](https://github.com/elastic/eui/pull/8558))
- Updated `border.radius.medium` token value to `4px`
([#8563](https://github.com/elastic/eui/pull/8563))

### `@elastic/eui-theme-common@0.2.0`

- Added support for theme `overrides` as optional part of
`EuiThemeShape` ([#8558](https://github.com/elastic/eui/pull/8558))
- Updated `getComputed` to support high contrast mode overrides defined
on `overrides.HCM` ([#8558](https://github.com/elastic/eui/pull/8558))

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-24 15:54:52 +02:00
Patrick Mueller
bdef66fa4c
[ResponseOps][Alerting] allow rule types to be disabled via config (#218844)
resolves https://github.com/elastic/kibana/issues/218616

Adds kibana config `xpack.alerting.disabledRuleTypes: string[]`, which
can be used to "disable" specific rule types. The config is checked when
a rule type is registered, and if the rule type should be disabled, it
won't be added to the rule type registry and will log an INFO message
about the rule type being disabled.
2025-04-24 09:43:36 -04:00
Angela Chuang
f985d24d67
New onboarding hub (#218122)
## Summary


https://www.figma.com/design/DYs7j4GQdAhg7aWTLI4R69/AI4DSOC?node-id=6037-42160&m=dev

https://www.figma.com/design/DYs7j4GQdAhg7aWTLI4R69/AI4DSOC?node-id=6163-99294&m=dev

Search AI Lake:
<img width="2560" alt="ai4soc"
src="https://github.com/user-attachments/assets/fe6eb7da-e246-4acc-87e6-3545afb18664"
/>

<img width="2560" alt="Screenshot 2025-04-22 at 17 57 23"
src="https://github.com/user-attachments/assets/e867eb59-6f35-4790-acd6-33739389bff3"
/>

<img width="2558" alt="ai4soc_onboarding"
src="https://github.com/user-attachments/assets/fe742aaa-5050-45ba-8615-54dba820edc7"
/>

Others:
<img width="2556" alt="others_integration"
src="https://github.com/user-attachments/assets/dbf5e59a-f888-4524-9925-f895fa35db31"
/>
<img width="2559" alt="others_onboarding"
src="https://github.com/user-attachments/assets/0e815db5-fb49-43bc-acde-389d4baf6a32"
/>



### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
2025-04-24 09:06:44 +01:00
Julia Bardi
0ed82c4d52
[Fleet] save and read custom asset errors (#218816)
## Summary

Closes https://github.com/elastic/kibana/issues/217154

Improvements to sync integrations status API and error reporting

- Saving custom asset update errors to the package SO in
`latest_custom_asset_install_failed_attempts` field
- Reading these errors in the status API and UI 

- Fix sync status calculation: show `FAILED` if one of integrations or
custom assets are in failed state, `SYNCHRONIZING` if one of
integrations or custom assets are in synchronizing state, otherwise show
`COMPLETED` state.

<img width="608" alt="image"
src="https://github.com/user-attachments/assets/15a17690-443b-4ca1-b705-cc92ec7d3b20"
/>

- Reading the `followStats` API to report on fatal errors, found that
the `followInfo` API doesn't report if the connection to the remote
cluster fails. Reproduced this by updating an active Remote Cluster with
an invalid port. The `followInfo` API still reports `active` status.

<img width="612" alt="image"
src="https://github.com/user-attachments/assets/e95ebc62-4ed9-42c2-9954-93d9438b6ece"
/>


```
GET fleet-synced-integrations-ccr-main/_ccr/stats

{
  "indices": [
    {
      "index": "fleet-synced-integrations-ccr-main",
      "shards": [
        {
          "remote_cluster": "main",
          "leader_index": "fleet-synced-integrations",
          "follower_index": "fleet-synced-integrations-ccr-main",
          ...
          "fatal_exception": {
            "type": "exception",
            "reason": "java.lang.IllegalArgumentException: port out of range:93001",
            "caused_by": {
              "type": "illegal_argument_exception",
              "reason": "port out of range:93001"
            }
          }
        }
      ]
    }
  ]
}
```

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-04-24 10:01:41 +02:00
Søren Louv-Jansen
f684ea4071
[LockManager] Ensure index template are created (#218901)
Closes: https://github.com/elastic/kibana/issues/218944

The index template for the Lock Manager was not created, causing index
mappings and settings to be incorrect.
Root cause: the function responsible for creating the index template
(`ensureTemplatesAndIndexCreated`) was never invoked - only during
automated testing 🤦

## Manual testing steps

The mappings for the lock manager index (`.kibana_locks-000001`) should
match this:
```ts
 {
  mappings: {
    dynamic: false,
    properties: {
      token: { type: 'keyword' },
      metadata: { enabled: false },
      createdAt: { type: 'date' },
      expiresAt: { type: 'date' },
    },
  },
}
```

### Test 1

In this test we make sure that the LockManager library can recover and
fix the mappings if the existing index has invalid mappings

#### Delete existing assets if they already exist
```
DELETE .kibana_locks-000001
DELETE _index_template/.kibana_locks-index-template
DELETE _component_template/.kibana_locks-component
```

#### Create lock index. This is invalid because it does not have the
correct mappings
```
PUT .kibana_locks-000001
```

(Restart Kibana)

#### Check mappings are correct
```
GET .kibana_locks-000001/_mapping
```

### Test 2

In this test we make sure that out of the box, the LockManager library
creates an index with the correct mappings

```
DELETE .kibana_locks-000001
DELETE _index_template/.kibana_locks-index-template
DELETE _component_template/.kibana_locks-component
```

(Restart Kibana)

#### Check mappings are correct
```
GET .kibana_locks-000001/_mapping
```

Related: https://github.com/elastic/kibana/pull/216916
https://github.com/elastic/kibana/pull/216397

---------

Co-authored-by: Viduni Wickramarachchi <viduni.ushanka@gmail.com>
2025-04-24 01:34:28 +02:00
Michel Losier
8cdf6ff38a
Fix error for packages that don't have a changelog (#219003)
When a changelog doesn't exist for a package `useChangelog` returns an empty changelog without error
2025-04-23 15:39:44 -07:00
Paulina Shakirova
f40c770c49
[A11y][ML] Fixes title announcements in details step of the anomaly detection job wizards (#218570)
## Summary
This PR closes [[ML] Anomaly Detection: Job wizard fields in step 3
missing title from
announcement](https://github.com/elastic/kibana/issues/216593) issue.
2025-04-24 00:28:38 +02:00
Rodney Norris
e04e974134
[Search] Fix: serverless search connector types (#218842)
## Summary

Fixes bug introduced by: https://github.com/elastic/kibana/pull/213509
where serverless search & enterprise search could not load list of
available connector types from the connectors plugin. This was caused by
2 things in serverless, 1) the entire plugin was disabled and 2) the
plugin id was renamed.

Updated the `contentConnectors` plugin to have a `ui.enabled` config
value to override just disabling the management UI from being registered
for Serverless Search, while still allowing the plugin to be enabled.
And updated the usages of the `searchConnectors` plugin in
`enterprise_search` & `serverless_search` to account for it being renamed
to `contentConnectors`

Of note this bug would have been caught by FTRs, but they have been
skipped for being
[flakey](https://github.com/elastic/kibana/issues/203462) for some time,
and have proven [hard to
fix](https://github.com/elastic/kibana/pull/205971) given the current UX
😔

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
2025-04-23 15:51:06 -05:00
Mason Herron
3571878acd
[Fleet] Add Edit ReadMe Functionality To Custom Integrations (#215259)
Closes #212957 

Adds editing of the automatically-generated readMe file on custom
integrations.

- Allows the user to make edits and then save the readMe changes via a
new endpoint
 - Reloads the UI after making changes to reflect the updated readMe
 -  Automatically updates associated policies

To test the new endpoint, you will need a custom integration installed,
then use it as such

```
PUT kbn:/api/fleet/epm/custom_integrations/{pkgName}
{
    "readMeData": "New README content here"

}
```
 


https://github.com/user-attachments/assets/9a6f2197-aa7f-4610-9476-c1f8b4865c62



### Acceptance criteria

- [ ] An "edit" button with an icon appears in the README section of the
integration overview page for custom integrations generated by automatic
import
- [ ] Clicking the "edit" button should open a modal (TBD) containing a
markdown editor that allows the user to edit the content
- [ ] Users can save their changes, and the updated README content is
persisted
- [ ] Saving updates the version of the package and reloads the content
- [ ] Saving also starts updating policies automatically


### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks
 N/A

# Release Note
Adds edit functionality to custom integrations, allowing a user to edit
the README file of a custom integration and save it to be persisted.
Additionally, saving will automatically increment the version of the
integration and update all associated policies.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-23 19:41:36 +02:00
Michel Losier
f987716d43
Add warning for outdated policy in agent details (#218687)
The agent listing table displays a clear badge that indicates an agent's
current policy revision is out of date. This change adds the same indicator
to the agent details page, and adds an explanatory tooltip.
2025-04-23 10:21:00 -07:00
Marco Liberati
20ad78de1d
[chore] Add rule to avoid duplicate fp-ts imports (#218593)
## Summary

This PR is the counter part of
https://github.com/elastic/kibana/pull/217034 to avoid making the same
mistake again in the future.
2025-04-23 16:35:17 +02:00
Eyo O. Eyo
37afbb56d8
Share modal re-architecture (#211665)
## Summary

This PR attempts to rework the internals for how the share plugin works,
and brings with it a slight modification to how configs are registered
to the share plugin, with this PR the share plugin now defines the
following share types i.e. `links`, `embeds` and `integrations`. As such
native implementations (i.e. copy link and embed) provided by sharedUX
remain internal to the share plugin.

One might then ask what happens to the existing export functionality
provided by the reporting plugin, in this PR the export functionality is
now modelled as an integration that's simply grouped as an export, see
the type definition for the Export type. Accompanying this change, a new
method has been introduced `registerShareIntegration` that's similar to
the previous method `register`, with a slight difference, in that now
registered integrations can be scoped to a specific object type like so.

```ts
share.registerShareIntegration('lens', {
	...
	config: () => ({
		someValue: 'This integration value can only be retrieved within the lens objectType scope'
	})
})
```

The expected return type for config is defined by the user, as such the
export integration type defines its own expected type that suits the
current implementation of the share modal.

<!-- These aforementioned configs would then be automatically be made
available under the property `shareMenuItems` by providing the object
type value to the `useShareTabsContext`, like so;

```ts 

const { objectTypeMeta, shareMenuItems } = useShareTabsContext('integration', 'export')

```

because the share type of `integration` is provided alongside its
`groupId`, `useShareTabsContext` will only provide data and config that
applies specifically to the specific share type. The same would apply
for `link` and `embed` with passing in the second option. -->

Furthermore there's been a clean up with the config options that
typically would be passed to the `toggleShareMenu` method, properties
that are specific to a specific share type are now expected to be
provided within the config property for that specific share type.

## How to test

- This change is transparent to the user with all share functionality
working as it should; regardless, respective teams should verify that all
share behaviour works as expected.


---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-23 13:34:18 +02:00
Georgiana-Andreea Onoleață
31de47bac5
[ResponseOps][Rules] Cases Action - More Time Options (#216809)
Closes https://github.com/elastic/enhancements/issues/23671

## Summary

- Added **minutes** and **hours** as selectable time windows in addition
to existing **days** and **weeks** options

<img width="1212" alt="Screenshot 2025-04-08 at 09 46 40"
src="https://github.com/user-attachments/assets/f02ae8af-8de5-4291-a0d3-9f4694dfd6d1"
/>

- If a time window smaller than **5 minutes** is selected,
an error message will be displayed and the user won't be able to save
the rule
<img width="1200" alt="Screenshot 2025-04-11 at 13 36 52"
src="https://github.com/user-attachments/assets/3c5158fc-90e4-4873-b5ca-3f298f3ba0bf"
/>

- If the selected time window is **20 minutes or less**, a **warning**
message will be displayed to let users know this could result in more
cases being generated

<img width="1290" alt="Screenshot 2025-04-08 at 10 53 42"
src="https://github.com/user-attachments/assets/480258ad-118c-47a9-a279-f083800fdb58"
/>

---------

Co-authored-by: Christos Nasikas <xristosnasikas@gmail.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-04-23 11:51:10 +03:00
Dario Gieselaar
dd7ed50d9b
[Inference] Run EIS locally (#215475)
1. Make sure you're connected to [Infra
Vault](https://docs.elastic.dev/vault/infra-vault/home) using oidc:
`$ VAULT_ADDR={...} vault login -method oidc`

2. Run the `eis` script:
`$ node scripts/eis.js`

2a. After it's started, run ES with:
`$ yarn es snapshot --license trial -E
xpack.inference.elastic.url=http://localhost:8443`
2b. The command will output credentials for a preconfigured EIS
connector. Paste it into kibana(.dev).yml.

3. Start Kibana as usual. 

4. Run:
`yarn run ts-node --transpile-only
x-pack/solutions/observability/packages/kbn-genai-cli/recipes/hello_world.ts`

This should output:

```
 ~/dev/kibana  eis-connector-cli *219  yarn run ts-node --transpile-only x-pack/solutions/observability/packages/kbn-genai-cli/recipes/hello_world.ts
yarn run v1.22.22
$ /Users/dariogieselaar/dev/kibana/node_modules/.bin/ts-node --transpile-only x-pack/solutions/observability/packages/kbn-genai-cli/recipes/hello_world.ts 
 info Discovered kibana running at: http://elastic:changeme@127.0.0.1:5601/kbn
 info {
        id: 'extract_personal_details',
        content: '',
        output: { name: 'Sarah', age: 29, city: 'San Francisco' }
      }
  Done in 5.47s.
```

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Dima Arnautov <arnautov.dima@gmail.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-23 08:08:33 +02:00
Mason Herron
25ffb0d1d9
[Fleet] Remove No Tags from add/remove popover (#218673)
Closes #218636 

## Summary

- Removes the `No Tags` option from the add/remove popover as it is not
actually a tag, but only to be used in the filter dropdown.


### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

N/A

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-22 23:22:23 +02:00
Panagiota Mitsopoulou
09740a63d1
New artifacts schema in the rule creation/update/find (#216292)
## 🗒️  Summary
We want to add a new `root-level` key in the rule called `artifacts`.
The new key will be added to the `create`, `update` and `find` Rule apis
and will contain `dashboards` and `investigation_guide`. This PR handles
only the addition of dashboards.
 
```
artifacts: {
    dashboards: Array<{ id: string }>;
}
```

## Architecture diagram
<img width="1265" alt="Screenshot 2025-04-02 at 12 35 00"
src="https://github.com/user-attachments/assets/51783fd5-f63e-4a2e-80b0-7a724675c11c"
/>


## 🧪  How to test
This PR includes only backend changes to the Rule APIs. In order to test
you can use Kibana > Dev Tools.

### Create a rule

```
POST kbn:/api/alerting/rule
{
  "name": "TEST RULE",
  "params": {
    "criteria": [
      {
        "comparator": ">",
        "metrics": [
          {
            "name": "A",
            "aggType": "count"
          }
        ],
        "threshold": [
          3
        ],
        "timeSize": 1,
        "timeUnit": "m"
      }
    ],
    "alertOnNoData": false,
    "alertOnGroupDisappear": false,
    "searchConfiguration": {
      "query": {
        "query": "",
        "language": "kuery"
      },
      "index": "e7744dbe-a7a4-457b-83aa-539e9c88764c"
    }
  },
  "rule_type_id": "observability.rules.custom_threshold",
  "consumer": "logs",
  "schedule": {
    "interval": "1m"
  },
  "artifacts": {
    "dashboards": [
      { "id":"1" }
    ]
  }
}
```
The artifacts shouldn't be returned in the rule response. The new
dashboard artifacts should be saved in the Rules SO. You can check it
directly under `Kibana > Stack Management > Saved Objects`. You should
verify a new `artifacts` entry is added in the rules SO:

```
"artifacts": {
      "dashboards": [
        {
          "refId": "dashboard_0"
        }
      ]
    },
```

Also the new dashboard should be added into the references array:

```
"references": [
    ..
    {
      "id": "1",
      "name": "dashboard_0",
      "type": "dashboard"
    }
  ],
```


### Update a rule

```
PUT kbn:/api/alerting/rule/{RULE_ID}
{
  "name": "TEST RULE",
  "schedule": {
    "interval": "1m"
  },
  "params": {
    "criteria": [
      {
        "comparator": ">",
        "metrics": [
          {
            "name": "A",
            "aggType": "count"
          }
        ],
        "threshold": [
          3
        ],
        "timeSize": 1,
        "timeUnit": "m"
      }
    ],
    "alertOnNoData": false,
    "alertOnGroupDisappear": false,
    "searchConfiguration": {
      "query": {
        "query": "",
        "language": "kuery"
      },
      "index": "e7744dbe-a7a4-457b-83aa-539e9c88764c"
    }
  },
  "artifacts": {
    "dashboards": [{"id": "2"}, {"id": "1"}]
  }
}
```
The artifacts shouldn't be returned in the rule response. The updated
artifacts should be saved in the Rules SO. You can check it directly
under `Kibana > Stack Management > Saved Objects`. You should verify the
updated dashboards list is correct.

### Find a rule

```
GET kbn:/api/alerting/rules/_find?search="TEST RULE"

```

The artifacts shouldn't be returned in the rule response. Only the
internal Find API returns the artifacts.

```
POST kbn:/internal/alerting/rules/_find
{
  "search": "TEST RULE"
}
```


## ✔️ Acceptance criteria
- The dashboard IDs should be saved as `references` in the Rule SO
- The Rule APIs will not return the artifacts
- Only the `internal Find API` used by the UI will return the artifacts
- Integrations and unit tests should be added

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Justin Kambic <jk@elastic.co>
Co-authored-by: Christos Nasikas <xristosnasikas@gmail.com>
2025-04-23 00:20:49 +03:00
Kenneth Kreindler
0eecf04bb0
[BUG] [GenAi] Ensure multi turn works with parallel tool calls (#217022)
## Summary

Summarize your PR. If it involves visual changes include a screenshot or
gif.

Fixing a bug where empty assistant messages were being added after tool
messages. e.g.

Previously:
```json
[
   {
      "role":"user",
      "content":"Please retrieve the most recent Apache log messages"
   },
   {
      "role":"assistant",
      "content":"",
      "tool_calls":[
         [
            "Object" // Two tool calls with ids "1caa1c" and "2sds4i"
         ]
      ]
   },
   {
      "role":"tool",
      "content":"{\"screen_description\":\"\",\"learnings\":[]}",
      "tool_call_id":"1caa1c"
   },
   {
      "role":"assistant",
      "content":"-" // <---- empty message here
   },
   {
      "role":"tool",
      "content":"{\"screen_description\":\"\",\"learnings\":[]}",
      "tool_call_id":"2sds4i"
   },
   {
      "role":"assistant",
      "content":"-" // <---- empty message here
   },
   {
      "role":"user",
      "content":"Based on the previous conversation, ...."
   }
]

// Some LLM providers (e.g. openAi) require the tool messages to be directly after the assistant message.
```
This caused problems when multiple tools were called simultaneously, as
that would result in two tool messages separated by an assistant
message.

Now:
```json
[
   {
      "role":"user",
      "content":"Please retrieve the most recent Apache log messages"
   },
   {
      "role":"assistant",
      "content":"",
      "tool_calls":[
         [
            "Object" // tool call with id "1caa1c" and "2sds4i"
         ]
      ]
   },
   {
      "role":"tool",
      "content":"{\"screen_description\":\"\",\"learnings\":[]}",
      "tool_call_id":"1caa1c"
   },
   {
      "role":"tool",
      "content":"{\"screen_description\":\"\",\"learnings\":[]}",
      "tool_call_id":"2sds4i"
   },
   {
      "role":"user",
      "content":"Based on the previous conversation, ...."
   }
]
```


### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [X] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [X]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [X] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [X] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [X] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [X] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-04-22 22:12:10 +01:00
Tiago Costa
9ff8e0e50f
skip flaky suite (#208265) 2025-04-22 21:36:23 +01:00
Lola
82999015a7
[Cloud Connector] Add cloud_connectors config in Agentless API (#215421)
## Summary
This PR introduces a dynamic Cloud Connector configuration that allows
flexibility in adding additional cloud provider settings, credentials,
and other necessary fields. The updated structure ensures better
extensibility while maintaining clarity.

`cloud_connectors` will be under the [AgentlessPolicy
](184d0a32ad/x-pack/platform/plugins/shared/fleet/common/types/models/agent_policy.ts (L47))
interface
```json
{
  "cloud_connectors": {
    "target_csp": "aws",
    "enabled": true
  }
}
```

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-04-22 22:06:45 +02:00
Nathan Reese
678b53a1a7
[embeddable] update DefaultPresentationPanelApi to define parentApi as unknown (#218668)
DefaultPresentationPanelApi should define parentApi as unknown.

`ReactEmbeddableRenderer` renders panels with `PresentationPanel`.
`PresentationPanel` takes `api: DefaultPresentationPanelApi` as a prop
and `DefaultPresentationPanelApi` should not define ParentApi type more
precisely than it's defined in `ReactEmbeddableRenderer`.
`ReactEmbeddableRenderer` defines parent as `ParentApi extends
HasSerializedChildState<SerializedState> =
HasSerializedChildState<SerializedState>`.

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-22 08:54:50 -06:00
James Gowdy
60af3ff3d5
[ML] Improving anomaly charts object safety (#217552)
Adds checks for the values `__proto__` and `prototype` when reading
detector fields to reduce the risk of prototype pollution.
2025-04-22 15:52:12 +01:00
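
The kind of guard this commit message describes, as an added example (not code from the commit or from Kibana): an aggregation keyed by field names and values taken from records, first unguarded and then with the `__proto__`/`prototype` check. The function names, the extra `constructor` entry in the blocklist and the sample records are assumptions.

```javascript
// Keys that resolve to the prototype chain instead of to data.
// `__proto__` and `prototype` are the two named in the commit message;
// `constructor` is an additional entry assumed here.
const UNSAFE_KEYS = new Set(['__proto__', 'prototype', 'constructor']);

function isSafeKey(key) {
  return typeof key === 'string' && !UNSAFE_KEYS.has(key);
}

// Before: nested counters on a plain object, keyed by record-supplied strings.
// A field name of "__proto__" makes counts[fieldName] resolve to
// Object.prototype, so the write on the next line lands on every object.
function countByFieldUnguarded(records) {
  const counts = {};
  for (const { fieldName, fieldValue } of records) {
    counts[fieldName] = counts[fieldName] || {};
    counts[fieldName][fieldValue] = (counts[fieldName][fieldValue] || 0) + 1;
  }
  return counts;
}

// After: unsafe keys are rejected up front, and the containers have no
// prototype, so a key that slips past the blocklist is still stored as data.
function countByFieldGuarded(records) {
  const counts = Object.create(null);
  const rejected = [];
  for (const record of records) {
    const { fieldName, fieldValue } = record;
    if (!isSafeKey(fieldName) || !isSafeKey(fieldValue)) {
      rejected.push(record);
      continue;
    }
    if (!Object.prototype.hasOwnProperty.call(counts, fieldName)) {
      counts[fieldName] = Object.create(null);
    }
    counts[fieldName][fieldValue] = (counts[fieldName][fieldValue] || 0) + 1;
  }
  return { counts, rejected };
}

function runDemo() {
  // Constructed sample records; the second one carries a hostile field name.
  const records = [
    { fieldName: 'airline', fieldValue: 'AAL' },
    { fieldName: '__proto__', fieldValue: 'polluted' },
    { fieldName: 'airline', fieldValue: 'AAL' },
  ];

  countByFieldUnguarded(records);
  const leaked = ({}).polluted;       // a fresh object now inherits the counter
  delete Object.prototype.polluted;   // restore the global state

  const { counts, rejected } = countByFieldGuarded(records);
  return {
    leaked,
    airlineAAL: counts.airline.AAL,
    rejectedCount: rejected.length,
    prototypeClean: ({}).polluted === undefined,
  };
}

console.log(JSON.stringify(runDemo()));
```

The `rejected` list is worth logging in practice: a record whose field name is `__proto__` is a signal in its own right, not just input to discard.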
Nicolas Chaulet
120ae3d57c
[Fleet] Improve handling of over provision agentless errors (#218481) 2025-04-22 10:28:31 -04:00
Pablo Machado
b623001080
[SecuritySolution] Bootstrap Privileged User Monitoring page (#217350)
## Summary

Bootstrap Privileged User Monitoring page. This page is hidden behind
`privilegeMonitoringEnabled` flag.

![Screenshot 2025-04-16 at 13 28
56](https://github.com/user-attachments/assets/f1c79cfb-a7b3-4dfb-a1b3-6259f00e6a19)



### Included
* Add the Privileged User Monitoring page content according to design
* Link integrations to the integrations page
* Find index modal
* New API to search for compatible indices
* It also renames the navigation title to only have the first letter
capitalised.

### Not Included
* The navigation is already implemented by
https://github.com/elastic/kibana/pull/217180
* The video introduction
* The final API call in the "choose index" is out of scope for this
issue.
* The CSV upload functionality is entirely out of scope for this ticket.
* The "Sample Dashboard"
* The link to docs

### How to test it?
* Enable `privilegeMonitoringEnabled` flag.
* Start kibana.
* Use the menu to navigate to the Priv User monitoring page

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-04-22 15:00:14 +02:00
Alexey Antonov
614343e18b
fix: [IngestPipelines:Edit pipeline page]Flyouts, dialog modals missing title from announcement (#218791)
Closes: #218128

**Description**
Dialog modal, flyout, field visible title should be announced for the
users, especially using assistive technology to know what dialog modal,
flyout opened, what field is active and what is needed to enter in it.

**Changes made:**
1. Added required aria-attributes for mentioned places
2025-04-22 14:06:47 +02:00
Kylie Meli
9ddc1569d0
[Fleet] skipping agent setup steps when agentless by default (#218676)
## Summary

Updating the flow so that users do _not_ see the multi-page setup (setup
an agent splash screen and instructions) if
`xpack.fleet.agentless.isDefault: true` for the AI4DSOC project.

<img width="500" alt="Screenshot 2025-04-18 at 4 12 50 PM"
src="https://github.com/user-attachments/assets/559235e4-f0a7-4bec-9f84-000b04ac0606"
/>

## Note

This is a short term solution for AI4DSOC until we have something more
permanent in https://github.com/elastic/security-team/issues/11628

## Screen recordings

[AI4DSOC]


https://github.com/user-attachments/assets/d62be4a2-d2c7-4c99-9bcf-6dc05a822da0

[Otherwise]


https://github.com/user-attachments/assets/1bf87305-bf6d-4707-92a7-32a6d52c9d23

___ 
Relates 
- https://github.com/elastic/security-team/issues/11789
- https://github.com/elastic/security-team/issues/11628
- https://github.com/elastic/kibana/pull/216535
2025-04-22 07:58:45 -04:00
Alexey Antonov
3ad8bad478
fix: [Platform:StackManagement:IngestPipelines:Create pipeline page]Switch button missing title from announcement (#218214)
Closes: #217971
Rework of: https://github.com/elastic/kibana/pull/205604

**Description**
This update improves accessibility by ensuring that dialog modals,
flyouts, and field titles are properly announced for users—particularly
those using assistive technologies. It ensures users are clearly
informed about which dialog or flyout has opened, which field is active,
and what input is expected.

**Changes Made**
- Reverted a regression introduced in
[#205604](https://github.com/elastic/kibana/pull/205604), which involved
incorrect usage of `EuiSwitch`. The component now uses the default
`EuiSwitch` behavior as intended.

- Updated the Cases page UI to better align with the EUI style guide.

**Screenshots**

- Cases Page

<img width="947" alt="Cases Page Screenshot"
src="https://github.com/user-attachments/assets/0b8d7fd4-543f-4751-a17b-3b774c0e1c8c"
/>

- Ingest Pipelines Page

<img width="947" alt="Ingest Pipelines Page Screenshot"
src="https://github.com/user-attachments/assets/78185612-9a01-4227-a1a1-b928e848ca78"
/>
2025-04-22 12:26:56 +02:00
Sid
8c8c6d16ef
Use @kbn/handlebars and compileAST over handlebars.compile (#218449)
## Summary

Change usage of Handlebars.compile across Kibana to use
`@kbn/handlebars` and `compileAST`

### Note for reviewers:
There should be no change for the rendered output where it's used.
Wherever there were tests, I ensured they were passing after making the
change.

### Checklist

Check the PR satisfies following conditions. 
Reviewers should verify this PR satisfies this list as well.

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-04-22 11:46:05 +02:00
Julia Bardi
ea855c8dba
[Fleet] Sync integration status UI (#218389)
## Summary

Closes https://github.com/elastic/kibana/issues/217154

To test locally:
- Follow this guide to set up 2 clusters locally:
https://github.com/elastic/kibana/blob/main/x-pack/platform/plugins/shared/fleet/dev_docs/local_setup/remote_clusters_ccr.md
- Install a few integrations on the main cluster and create a few custom
component templates and ingest pipelines
 - Go to Fleet Settings, check the Sync status in the Output table

### Screenshots

Output table

<img width="1096" alt="image"
src="https://github.com/user-attachments/assets/047b516a-b32a-4827-a943-de1119d45dbe"
/>

Sync integrations status flyout 
- Added mock response to show the different UI states
- Added `Close` button instead of `Cancel` and `Done` because there is
no action to take on the flyout, it seemed unnecessary

<img width="598" alt="image"
src="https://github.com/user-attachments/assets/7cc70721-a765-488b-8191-a8a0aaefe4a1"
/>

 Tooltips

<img width="532" alt="image"
src="https://github.com/user-attachments/assets/387cdf84-e807-4287-8802-4a512c756a3a"
/>
<img width="343" alt="image"
src="https://github.com/user-attachments/assets/3c947361-5de8-40c2-bab8-a73e6321e9a8"
/>

Top level error without any integrations

<img width="605" alt="image"
src="https://github.com/user-attachments/assets/78d9a79a-fac5-4af2-9745-46dbdbe956a2"
/>




### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
2025-04-22 10:58:17 +02:00
Tomasz Ciecierski
6356f2cdf1
[AI4DSOC] Add possibility to disable Stack Rules, Rules Settings and Maintenance window based on Serverless Tier (#214586) 2025-04-22 10:50:48 +02:00
Kevin Lacabane
6a569398ac
[streams][content pack] archive format and portable dashboards (#217288)
## Summary

Allows one to export and import content packs in archive format. The
format follows the integration content package's format so it becomes
possible to import existing integration packages.

Content packs only support dashboard assets at the moment.
A pattern replacement logic has been implemented for dashboards and
referenced data views:
- at export time, any pattern matching the source stream will be
replaced with a placeholder. Other patterns will remain as-is unless
the user explicitly asks to replace them
- at import time, the placeholders are replaced with the target stream
pattern

For example, if a dashboard is first exported from stream `logs.nodejs`
and reads data from patterns `logs.nodejs` and `logs.nodejs.prod`, the
patterns will be updated to `logs.ruby` and `logs.ruby.prod` when
imported into `logs.ruby` stream.

The relevant UI components are hidden behind a feature flag, set the
following in `kibana.dev.yml` to enable them:
`feature_flags.overrides.featureFlagsStreams.contentPackUIEnabled: true`



https://github.com/user-attachments/assets/9fb07daf-9fb9-4c62-9f5b-387e1833eaf0

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: tommyers-elastic <106530686+tommyers-elastic@users.noreply.github.com>
2025-04-22 10:27:52 +02:00
Lisa Cawley
4e6fa9e37f
[DOCS] Use new ML and transform URLs in doc link service (#217930)
Co-authored-by: Robert Jaszczurek <robert.jaszczurek@elastic.co>
2025-04-21 22:09:43 +02:00
Arturo Lidueña
33993b7123
[Obs AI Assistant]fixing error - Display results and Visualize query Bedrock Error (#218213)
### Fix: Bedrock Streaming Error on ES|QL Actions

#### Summary

When an ES|QL is generated, we present two action buttons:
- Visualize Query
- Display Results

These actions were not working as expected when using Bedrock as the
model provider.

#### Error Details
```txt
Encountered error in Bedrock stream of type validationException messages.8: Did not find 1 `tool_result` block(s) at the beginning of this message. Messages following `tool_use` blocks must begin with a matching number of `tool_result` blocks.
```
#### Root Cause

We were sending a tool_use block in the assistant message without
immediately following it with the corresponding tool_result block. This
violates Bedrock’s message protocol.
2025-04-21 10:51:18 +02:00
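
The ordering rule behind this error, and behind the parallel tool call fix (#217022) earlier in this log, written as a checker over the role-based message shape shown there. This is an added example, not code from either PR; the function name and the `{ id }` shape of each `tool_calls` entry are assumptions, and the two conversations are constructed from the "Previously" and "Now" listings.

```javascript
// Returns one entry per violation of the rule "every assistant message that
// issues tool calls is followed immediately by one tool message per call".
function checkToolOrdering(messages) {
  const problems = [];
  let i = 0;
  while (i < messages.length) {
    const msg = messages[i];
    const calls = msg.role === 'assistant' && Array.isArray(msg.tool_calls) ? msg.tool_calls : [];

    if (calls.length > 0) {
      // Consume the run of tool results that directly follows the call.
      const pending = new Set(calls.map((call) => call.id));
      let j = i + 1;
      while (
        j < messages.length &&
        messages[j].role === 'tool' &&
        pending.has(messages[j].tool_call_id)
      ) {
        pending.delete(messages[j].tool_call_id);
        j++;
      }
      if (pending.size > 0) {
        problems.push({
          index: i,
          kind: 'unanswered_tool_call',
          missing: [...pending],
          interruptedBy: j < messages.length ? messages[j].role : 'end',
        });
      }
      i = j;
    } else if (msg.role === 'tool') {
      // A tool result that is not part of a run directly after its call.
      problems.push({ index: i, kind: 'orphan_tool_result', id: msg.tool_call_id });
      i++;
    } else {
      i++;
    }
  }
  return problems;
}

const TOOL_RESULT = '{"screen_description":"","learnings":[]}';
const CALL = {
  role: 'assistant',
  content: '',
  tool_calls: [{ id: '1caa1c' }, { id: '2sds4i' }],
};

// Constructed from the "Previously" listing: placeholder assistant messages
// sit between the two tool results.
const PREVIOUS_MESSAGES = [
  { role: 'user', content: 'Please retrieve the most recent Apache log messages' },
  CALL,
  { role: 'tool', content: TOOL_RESULT, tool_call_id: '1caa1c' },
  { role: 'assistant', content: '-' },
  { role: 'tool', content: TOOL_RESULT, tool_call_id: '2sds4i' },
  { role: 'assistant', content: '-' },
  { role: 'user', content: 'Based on the previous conversation, ....' },
];

// Constructed from the "Now" listing: both results follow the call directly.
const FIXED_MESSAGES = [
  { role: 'user', content: 'Please retrieve the most recent Apache log messages' },
  CALL,
  { role: 'tool', content: TOOL_RESULT, tool_call_id: '1caa1c' },
  { role: 'tool', content: TOOL_RESULT, tool_call_id: '2sds4i' },
  { role: 'user', content: 'Based on the previous conversation, ....' },
];

console.log(JSON.stringify(checkToolOrdering(PREVIOUS_MESSAGES)));
console.log(JSON.stringify(checkToolOrdering(FIXED_MESSAGES)));
```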
Christiane (Tina) Heiligers
1fe09dcff4
Renames renderReactTestingLibraryWithI18n to renderWithI18n (#218371)
## Summary

This PR only renames the helper, no test implementations were changed.

Why now?

Migrating tests from Enzyme to RTL means that all usage of
`mountWithIntl` has to change and will likely be replaced by the helper
that wraps RTL render with I18n. [A shorter name improves devEx](url).

ATM, consumption is limited to a few tests, reducing the number of
codeowner reviews required.

### Identify risks

- [x] In progress work and open PRs might fail. Updating from main will
prompt an undefined function that will need to be renamed.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-21 10:21:59 +03:00
Eyo O. Eyo
1c74e0fb95
[Reporting] Use google headless binary for reporting (#216688)
## Summary

This PR switches the chromium binary used for reporting to the new
headless-shell binary provided by Google. We only use said binaries for
Mac and Windows, and will keep our current approach for Linux
because there's no support for ARM Linux.

The current installed version of puppeteer is `24.4.0`, with an
expectation for chromium of revision `1415337` and version
`134.0.6998.35`, which has been selected.


## How to verify this change;

- Attempt generating exports of PDFs and PNG, with print option enabled
and disabled
- Verify that we are able to generate a report, and the reports match
previous ones.

### Binary Verification

- Mac Arm
<img width="864" alt="Screenshot 2025-04-04 at 12 15 31"
src="https://github.com/user-attachments/assets/00b22c69-6839-4056-ac67-c6001e16413d"
/>

- Windows
<img width="1395" alt="Screenshot 2025-04-19 at 14 51 09"
src="https://github.com/user-attachments/assets/499b67ff-ab6a-41bb-ae4e-598c15e1bef4"
/>

P.S. This PR is a prerequisite for
https://github.com/elastic/kibana/pull/212674

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-20 16:41:36 +02:00
Arturo Lidueña
962cfb4c67
Improve accessibility in create connector flyout (#218426)
part of #212776 

## Summary
Improves screen reader accessibility for the GenAI connector panels in
the Observability AI Assistant by providing more descriptive
announcements when these panels are opened. Previously, Kibana would
announce a generic modal dialog message (from EUI) without context,
which could confuse screen reader users.

### Problem

When a user with a screen reader (e.g., VoiceOver) clicks on the “Set up
GenAI connector” button, Kibana announces a generic message like “modal
dialog” without explaining what the modal is about.

### Fix
- Include aria-label to the `CreateConnectorFlyout` component

### How to Test
1. Navigate to Observability → AI Assistant
2. Use VoiceOver (macOS) or another screen reader
3. Click “Set up GenAI connector”
4. Verify that the screen reader announces "create connector flyout".
2025-04-18 22:32:17 +02:00
Kylie Meli
bb38af57f7
[Fleet][AI4DSOC] Adding new config to enable prerelease integrations by default (#218489)
## Summary

Introduces a new fleet config variable to be able to set the default for the
fleet setting `prerelease_integrations_enabled`.

This is to be used in the new search_ai_lake tier for the ai4dsoc
project as we want to enable pre-release versions by default.

## How to test

1. Set `xpack.fleet.prereleaseEnabledByDefault: true` in your
`kibana.dev.yml`
2. Start up elasticsearch and kibana
3. Navigate to the integrations page and the toggle to enable should be
on
<img width="750" alt="Screenshot 2025-04-16 at 3 25 50 PM"
src="https://github.com/user-attachments/assets/17d14630-94f5-4f2a-ab32-d733d0b36d48"
/>

OR

1. Add the following to `serverless.security.dev.yml`:
```
xpack.securitySolutionServerless.productTypes:
[
  { product_line: 'ai_soc', product_tier: 'search_ai_lake' },
]
```
2. Restart Kibana serverless for security
3. Navigate to the Configurations -> Integrations page
4. Click on the 'Splunk' integration and verify it loads the page
<img width="750" alt="Screenshot 2025-04-16 at 5 15 28 PM"
src="https://github.com/user-attachments/assets/ba4bf986-1b47-4703-9f33-9a0a7a437539"
/>

___ 
Relates: https://github.com/elastic/security-team/issues/11789
2025-04-18 12:18:32 -04:00
Yuliia Naumenko
221c199ed1
[Search Connectors][Serverless] Add Search Connectors UI to the Stack Management data Section (#213509)
**!!MAJORITY OF THE CHANGED FILES ARE MOVED OR COPIED!!**

### Vision

According to the product vision we will build a new simple UI/UX in the
future https://github.com/elastic/security-team/issues/11790

This PR is a first iteration on enabling Content Connectors Management
UI in Serverless Kibana Stack Management.
Elastic Managed content connectors will be available only for Security
and Observability projects.

### Current PR scope

1. Used initial search_connectors plugin and renamed it to
content_connectors + moved from `x-pack/solutions/search` to
`x-pack/platform/plugins/shared`
2. Copy relevant connectors UI and routes from enterprise_search plugin.
3. Introduce the new Stack Management card/navigation option under the
Data section.
4. Enabled this plugin only in Serverless for Security and Observability
projects.
5. For making PR smaller Pipelines tab was not moved. And according to
Search team vision this functionality should be dropped anyway soon.
6. Extended fleet package logic to include elastic_connectors for
security and o11y serverless projects
7. Added back `search:agentless-connectors-manager` task

In Stack Management navigation:
<img width="2062" alt="Screenshot 2025-04-15 at 3 51 43 PM"
src="https://github.com/user-attachments/assets/5c93ba01-9a6a-4eac-a21d-1370f03b8f35"
/>

Stack Management cards:
<img width="2081" alt="Screenshot 2025-04-10 at 8 41 43 PM"
src="https://github.com/user-attachments/assets/3def1c12-561b-4a84-8241-4dd61cd9313d"
/>


Create Elastic Managed Connector UI (on Agentless):

<img width="1822" alt="Screenshot 2025-04-15 at 3 55 29 PM"
src="https://github.com/user-attachments/assets/6e9fea48-85e7-43df-919d-0e5492d0e704"
/>

Create Self Managed Connector UI:

<img width="2064" alt="Screenshot 2025-04-15 at 3 55 49 PM"
src="https://github.com/user-attachments/assets/d5051898-c8fa-4e41-b9ea-b41d4ed4a0d5"
/>

### Next steps

- [ ] Remove duplicated code between content_connectors,
enterprise_search and serverless_search
- [ ] Extract [common server
libs](https://github.com/elastic/kibana/tree/main/x-pack/solutions/search/plugins/enterprise_search/server/lib)
to the shared package `kbn-search-connectors`

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Artem Shelkovnikov <artem.shelkovnikov@elastic.co>
Co-authored-by: Artem Shelkovnikov <lavatroublebubble@gmail.com>
Co-authored-by: Kyle Pollich <kyle.pollich@elastic.co>
2025-04-18 04:50:56 +02:00
Alexi Doak
5667c6cc43
[ResponseOps] Schema changes for ES|QL rule type improvements - adding grouping per row (#217898)
Related to https://github.com/elastic/response-ops-team/issues/201

## Summary

Schema changes for intermediate release related to this PR,
https://github.com/elastic/kibana/pull/212135.

This PR adds a new `row` option and validation for the ES query rule
`groupBy` field.


### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
2025-04-17 14:15:54 -07:00
Alexey Antonov
78bf949dbf
fix: [Platform:StackManagement:Kibana:Spaces] Assign roles to a space flyout announced incorrectly (#218576)
Closes: #218351

**Description**
When user clicks on assign new roles to a space button, the resulting
flyout gets announced incorrectly as "you are in a modal dialog..."
which doesn't give any context to non-sighted user.

**Changes made:**
1. added 'aria-labelledby' attribute

**Screen:**
<img width="1323" alt="image"
src="https://github.com/user-attachments/assets/63ffdcca-2139-4302-9dce-ded3a4d3b9a2"
/>
2025-04-17 21:52:56 +03:00
Dima Arnautov
b1958da5d1
[ML] Fix vCPU usage message in the Start deployment dialog (#218557)
## Summary

Fixes the info callout message in the “Start model deployment” dialog by
replacing the ELSER name with a generic model reference.

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-04-17 17:23:20 +02:00
Vitalii Dmyterko
3d7aac1a44
[Security Solution][Detection Engine] adds async ES|QL query (#216667)
## Summary

- addresses https://github.com/elastic/security-team/issues/11116 (list
item 2)

Introducing async query would allow to overcome ES request timeout for
long running rules and queries.

Timeout for ES request is [defined in alerting
framework](https://github.com/elastic/kibana/blob/8.18/x-pack/platform/plugins/shared/alerting/server/lib/get_es_request_timeout.ts#L21)
and is the smaller value of the rule execution timeout or the default ES request
timeout (which is 5m and hardcoded
[here](https://github.com/elastic/kibana/blob/8.18/x-pack/platform/plugins/shared/alerting/server/lib/get_rule_task_timeout.ts)).

If ES|QL rule performs a single long-running ES query, it can time out
after 5m due to this ES request timeout. This value can't be changed,
unlike rule execution timeout. It can be overwritten in Kibana config

```
xpack.alerting.rules.run:
  timeout: '10m'
  ruleTypeOverrides:
    - id:  'siem.esqlRule'
      timeout: '15m'
```
So, we can encounter situations when a rule fails execution after 5m due
to the ES request timeout, despite the fact that it is configured with a longer
timeout of 15m.

By using an async query, we can overcome this limitation and poll the async
query results until it completes or the rule times out.

More details in internal
[issue](https://github.com/elastic/sdh-security-team/issues/1224)

---------

Co-authored-by: Ryland Herrick <ryalnd@gmail.com>
2025-04-17 15:23:07 +01:00
Marco Liberati
e21bec3f31
[chore] Reuse bundled lodash and lodash/fp dependency (#217467)
## Summary

After #217202 and #217034 this is another attempt with `lodash` and
`lodash/fp`.

In short:
`lodash` and `lodash/fp` have a special webpack treatment as they are
imported within the shared bundle.
Now webpack is not smart enough to understand that `import camelCase
from 'lodash/camelCase';` is still pointing to `lodash` and it thinks
that `lodash/camelCase` is a different package, de-optimizing the
bundling caching system.
So I’ve tweaked the import to make it point to the shared bundle and
save a few kbs here and there
2025-04-17 14:54:25 +02:00
Peter Pisljar
01e873ce29
move text based ds files (#218386) 2025-04-17 08:29:09 +02:00
Dario Gieselaar
16f6ecf9c2
[Streams] Consolidate time handling (#217910)
Consolidate time handling by:

- making sure the useTimefilter hook exposed from the data plugin
materializes both absolute and relative time ranges on a time range
update, and a refresh
- signal the type of refresh: no refresh (ie, date range change),
time-shift (refresh pressed, but for a materialized time range that is
different than the previous one), override (refresh on an absolute time
range)
- expose TimeState - the original time range, the absolute version of
it, and start/end epoch ms
- use global time ranges in Streams where possible
- move time refresh logic into `useStreamsAppFetch` (opt-in)

---------

Co-authored-by: Joe Reuter <email@johannes-reuter.de>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-17 06:44:07 +02:00
Michel Losier
d57dfab452
Callout breaking changes on integration upgrade (#217257)
## Summary

Resolves: https://github.com/elastic/kibana/issues/187481

* Enhances the integration upgrade callout to give special attention to
breaking changes in the changelog.
  * Callout includes a CTA to review breaking changes
* If one breaking change between current and latest version CTA is a
direct link to the PR
* If many breaking changes, a flyout is opened listing those breaking
changes
* Includes "I understand" checkbox that must be clicked before upgrade
is allowed
2025-04-16 15:17:09 -07:00
Ash
f6ad013220
[Ai4dSoc][Serverless] Hide Security feature sub-privileges in search_ai_lake tier (#217210)
## Summary

Hides security sub-privileges for ai4soc/search_ai_lake tier.
![Screenshot 2025-04-11 at 10 22
09](https://github.com/user-attachments/assets/6f3294bc-82de-404e-b9d3-22e717d54b65)

### Reasoning for changes added to `x-pack/packages/security`:

Currently, the feature description of Security feature is tied to the
fact that it has a list of sub-privileges. This is true on ESS and
`essentials/complete` serverless tiers.

With the introduction of the lower `search_ai_lake` tier, security
feature would not have any sub-privileges available and thus it does not
make sense to show that description.

The ideal way to handle this would be to load feature privileges config
settings at the plugin level
(security_solution/security_solution_serverless) and set `description`
to `null | undefined` based on the tier, as currently the feature
privileges settings live in [kibana_features file
(v2_features)](795094d8c6/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts (L72))
(also another set in v1_features) and the plugins only select a set of
those based on the [feature keys
available](d4a33a2b61/x-pack/solutions/security/plugins/security_solution_serverless/common/pli/pli_config.ts)
on each tier. The refactoring to pass in feature configs at the plugin
level (instead of just feature keys) is not in the scope of the work cut
out for RSA conf.

Thus the other simpler approach in this PR is to allow overriding the
description field on the tier specific config file.

## How to Test

1. While in the Kibana root directory, run ES/Kibana in serverless mode
with:

```bash
yarn es serverless --kill --projectType security --kibanaUrl=http://0.0.0.0:5601
```
and on a new window
```bash
yarn serverless-security --no-base-path
```

Enable the AI for SOC tier, by adding the following to your
`serverless.security.dev.yaml` file:

```json5
xpack.securitySolutionServerless.productTypes:
  [
    { product_line: 'ai_soc', product_tier: 'search_ai_lake' },
  ]
```

2. Once Kibana is up and running, log in with the `admin` role using
the role dropdown.
3. Navigate to `app/management/roles/edit`
4. Click on `Assign to space` button and assign a space to that role on
the `Assign role to spaces` flyout.
5. Expand the `Security` category and verify that `Security` feature is
listed in the list of features.
6. Also verify that there is neither an accordion icon beside `Security`
feature nor a description text under it about sub-privileges.

2025-04-16 15:40:09 -06:00
Alexey Antonov
a70226ab92
fix: [Platform:StackManagement:Kibana:Spaces] Information about saved objects in content rows is not announced (#218438)
Closes: #218362

**Description**
When a user tabs through content rows on the content tab, the information
about saved objects in the content row is announced as "link 1, link2",
which doesn't give any context to a non-sighted user.

**Changes made:**
1. Set `aria-label` for the mentioned place

2025-04-16 23:37:16 +03:00
Kevin Delemme
e57a825964
chore(streams): returns 403 when user has no read access (#217742)
2025-04-16 16:03:18 -04:00