When setting the `canViewMlNodes`, we were assuming a serverless
environment based on whether all ML features (ad, dfa, nlp) were
enabled. When this was originally implemented no serverless project had
all three features enabled.
Since then the security project has
[changed](https://github.com/elastic/kibana/pull/175358) to include all
three features.
This PR adds an explicit check for serverless and disables
`canViewMlNodes` if it is true.
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Another follow up to https://github.com/elastic/kibana/pull/212694
- Removes `alertWithSuppression` from `sharedParams` since it's already
available on `services`
- Updates the type of `services` throughout DE executor logic to
properly represent that it has `alertWithSuppression`
- Removes `experimentalFeatures` as a param from functions that no
longer need it
- Converts `bulkCreate` from a factory to a const function
- Converts `enrichAlerts` from a factory to a const function - but
enrichment logic is still passed to the persistence functions as a
function. Now it's just one layer of factories instead of two.
- Renames types related to `enrichAlerts` to match the function
names/responsibilities better
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fix Unable to switch between Risk Contributions and Insights on host
details flyout.
**Pre Conditions**
1. Alerts should be available on Kibana.
2. Entity Risk Score must be enabled.
**Steps**
1. Navigate to a page where the flyout is available.
3. For any Entity, open details flyout
4. Expand Details flyout (left panel).
5. Observe that the user cannot switch between `Risk Contributions` and
`Insights` tabs.
**Expected Result**
The user should be able to switch between `Risk Contributions` and
`Insights` tabs.
**Screen Recording**
https://github.com/user-attachments/assets/3aae6291-5b5b-49a4-83c2-ac657e4e9524
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
These Stories were missed in [Upgrade to Storybook 8
(#195148)](https://github.com/elastic/kibana/pull/195148) and should be
migrated to the same format as other stories for consistency and to make
future migrations easier. They technically work in SB8, I forgot to run
the migration script again later on while working on the original PR.
The changes have already been backported to #214680 and #214681
## Summary
While annotating test failures, we're seeing increased amount of errors
like this:
```
2025-03-21 13:52:32 INFO Artifact uploads completed successfully
--
| Annotate test failures error Request failed with status code 404
| HTTP Error Response Status 404
| HTTP Error Response Body { message: 'Not Found' }
| user command error: exit status 10
```
It would be nicer to show a bit more from the error to help debugging.
## Summary
Part of https://github.com/elastic/kibana/issues/195418
This removes the final deprecated property from the command definitions:
the signature.
Most of the work was moving validation logic out of the generic paths
into command-specific validation methods. This exercise confirmed the
fact that many of the properties on the command signatures were added to
support something in one or two commands and did not apply to the vast
majority. Now, it is clearer what code applies to what commands.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Enables the SIEM Migrations feature in serverless. The experimental flag
will be cleaned later.
> [!NOTE]
> To release this feature as planned (Friday 28th March 2025), this PR
> needs to merge between Monday **24** and Thursday **27**
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Fixes #210253
This PR adds an `aria-label` with the same content as the tooltip to
solve the "Button must have a discernible text" A11y critical issue.
## How to test
1. Download the [axe
devtools](https://chromewebstore.google.com/detail/axe-devtools-web-accessib/lhdoppojpmngadmnindnejefpokejbdd)
2. Enable ECO feature flag
3. Go into service inventory and run the scanner from axe devtools
4. You should see a critical error
5. Checkout this branch
6. Error should be solved
---------
Co-authored-by: Carlos Crespo <crespocarlos@users.noreply.github.com>
## Summary
This PR adds a rule gaps histogram that shows users how many rules had
gaps at any given time. They will also be able to see how many gaps have
been filled and how many are being filled.
See the images below which show what the dashboard looks like today, and
what it looks like after these changes.
## How was this tested?
I ran a script to create 100 rules with gaps, then I made the changes in
the dashboard JSON file and called the `POST
/internal/detection_engine/health/_setup` endpoint to apply them in my
local version of Kibana.
### Before

### After

## Summary
This PR fixes the issue where, after clicking the refresh button, the risk
score panel throws errors and the table displays no data.
The root cause was that the `refetchAll` callback did not include
`refetchEngineStatus`, which is responsible for refreshing the risk
engine status. As a result, the risk engine status
`hasEngineBeenInstalled` could become stale, leading to incorrect
behavior.
### Reproduce bug
(as per [#12017](https://github.com/elastic/security-team/issues/12017))
**Preconditions**
Kibana started with user and host data
Alerts created
Enable risk engine
To Reproduce
**Steps to reproduce the behavior:**
Open the page and press refresh
Expected behavior
All panels should refresh
### Screenshots: Fixed Version
The bug appeared only on the static time options - "Today" and "This
Week". Fixed for both, confirmed working for the other options.
https://github.com/user-attachments/assets/bf2866cf-4e16-466f-8686-0c1b0bf5e7cb
## Summary
Right now we return a 404 anytime that the data we're looking for on the
`screenshot_ref` route is not satisfactory. We do an io-ts check on the
data before returning. It's possible that that data will fail the check,
and we'd return a 404 anyway. This isn't a very accurate reflection of
what's happening on the server, and could indicate a problem with the
user's data.
Instead, we first check if the data returned from Elasticsearch is
`null`, and if it is we return a 404. Otherwise, we compute the type
check like normal and return the result. In the case where the data
fails the type check, we instead return a 500 and include the malformed
data in the server response.
Co-authored-by: Faisal Kanout <faisal.kanout@elastic.co>
## Summary
This PR https://github.com/elastic/elasticsearch/pull/125251 adds
highlighting for the code blocks so it is not needed to be added on the
kibana side. This PR removes it.
I didn't run the script because it will remove the highlighting. It will
run next Monday with @craigtaverner's PR being merged
## Summary
A [recent PR](https://github.com/elastic/kibana/pull/212558/files) (3
weeks ago) migrated docs under `/docs` folder, from `.asciidoc` to
`.md`.
Unfortunately, some of these docs (well, at least one) were generated
automatically using a script:
`node scripts/build_plugin_list_docs.js` was updating the
`docs/developer/plugin-list.asciidoc`
As a result of the migration:
The CI pipeline step fails, and the list of plugins is no longer
updated.
Besides:
* The https://www.elastic.co/guide/en/kibana/current/plugin-list.html is
currently broken.
* This page is (or should be) built from
https://github.com/elastic/kibana/blob/main/docs/extend/plugin-list.md,
which is also broken.
They are broken because some plugins' descriptions use the pipe `|`
character, which breaks the Markdown layout.
This PR updates the logic that generates the plugin-list, switching from
`.asciidoc` to `.md`, and escaping `\n` and `|` characters to allow for
better descriptions.
## Summary
This PR changes the privilege's actions merging logic for the composable
and deprecated Kibana features. The change makes it possible to have any
number of composable and deprecated features chained by `replaceBy`,
`composedOf`, or a combination of the two.
Under the hood, the privileges factory sorts all deprecated and
composable privileges using Kahn's algorithm for topological sorting,
similar to what is used to sort Kibana plugin dependencies. This allows
us to not only detect cyclical dependencies but also sort privileges in
the proper order depending on their dependency chain.
The use cases addressed by this change are best illustrated by the
`actions should respect composedOf when specified with replaceBy at the
privilege` test in `privileges.test.ts`.
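The sorting step described in this commit message, as an added example written for this page and not Kibana's implementation: Kahn's algorithm over privileges linked by `composedOf` and `replacedBy`, merging actions along the chain and rejecting cycles. The `Privilege` shape, the function name, the sample data and the direction in which actions are merged are assumptions.

```typescript
// Constructed model, not Kibana's types: field names follow the PR text; the
// object shape and the direction in which actions flow are assumptions.
interface Privilege {
  id: string;
  actions: string[];
  composedOf?: string[]; // also grants the actions of these privileges
  replacedBy?: string[]; // deprecated: its replacements must grant its actions too
}
type PrivilegeNode = { actions: Set<string>; pending: number; dependents: string[] };
// Kahn's algorithm: a privilege is finalized only after everything it inherits
// from, then its action set is pushed to its dependents. Map order = sort order.
function resolvePrivilegeActions(privileges: Privilege[]): Map<string, string[]> {
  const nodes = new Map<string, PrivilegeNode>();
  for (const p of privileges) nodes.set(p.id, { actions: new Set(p.actions), pending: 0, dependents: [] });
  const addEdge = (from: string, to: string): void => {
    const source = nodes.get(from);
    const target = nodes.get(to);
    if (!source || !target) throw new Error(`Unknown privilege in reference ${from} -> ${to}`);
    source.dependents.push(to);
    target.pending += 1;
  };
  for (const p of privileges) {
    for (const source of p.composedOf ?? []) addEdge(source, p.id);
    for (const replacement of p.replacedBy ?? []) addEdge(p.id, replacement);
  }
  const queue = privileges.filter((p) => (nodes.get(p.id) as PrivilegeNode).pending === 0).map((p) => p.id);
  const resolved = new Map<string, string[]>();
  while (queue.length > 0) {
    const id = queue.shift() as string;
    const node = nodes.get(id) as PrivilegeNode;
    resolved.set(id, Array.from(node.actions).sort());
    for (const nextId of node.dependents) {
      const next = nodes.get(nextId) as PrivilegeNode;
      node.actions.forEach((action) => next.actions.add(action));
      next.pending -= 1;
      if (next.pending === 0) queue.push(nextId);
    }
  }
  // Anything never dequeued still has an unresolved incoming edge: a cycle.
  const stuck = privileges.map((p) => p.id).filter((id) => !resolved.has(id));
  if (stuck.length > 0) throw new Error(`Cyclical privilege dependency: ${stuck.join(', ')}`);
  return resolved;
}
// Constructed sample: deprecated `old_read` is replaced by `new_read`, which `new_all` is composed of.
const SAMPLE: Privilege[] = [
  { id: 'new_all', actions: ['api:new/write'], composedOf: ['new_read'] },
  { id: 'new_read', actions: ['api:new/read'] },
  { id: 'old_read', actions: ['api:old/read'], replacedBy: ['new_read'] },
];
```

Failing closed on a cycle or an unknown reference matters here because a partially merged action set would silently grant a role fewer or more actions than its definition implies.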
## Summary
Fixes #210258
This PR adds an `aria-label` with the same content as the title to solve
the "Button must have a discernible text" A11y critical issue.
## How to test
1. Download the [axe
devtools](https://chromewebstore.google.com/detail/axe-devtools-web-accessib/lhdoppojpmngadmnindnejefpokejbdd)
2. Go into a service overview and run the scanner from axe devtools
3. You should see a critical error
4. Checkout this branch
5. Error should be solved
This PR updates the ES|QL grammars (lexer and parser) to match the
latest version in Elasticsearch.
---------
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
Closes #215134
Using `helm upgrade --install` lets the user run the helm command
multiple times to, for example, upgrade to the new version after a stack
release.

## How to test
1. Run Kibana and navigate to the K8S OTel onboarding flow
2. Execute snippets provided by the flow
3. Copy only the `helm upgrade --install ...` part of the second snippet
and execute it again
4. Make sure the command succeeds
Co-authored-by: Joe Reuter <johannes.reuter@elastic.co>
Adds a type and color for `Executable` flamegraph nodes.
The new type will be used by [this
change](https://github.com/elastic/elasticsearch/pull/119115) in the ES
profiling plugin (the required code change from grouping by process name
to grouping by executable name needs tbd).
## Summary
Extracts `collectEnvFromLabels` to a separate module, so it can be used
in the flaky test runner. With this, the label `ci:use-chrome-beta` will
be passed along to the flaky test runner, allowing for flaky testing on
chrome beta.
Other labels we treat as modifiers for PR behavior through setting env
variables should also be added to this set of mappings.
This PR updates the function definitions and inline docs based on the
latest metadata from Elasticsearch.
---------
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [elastic-apm-node](https://redirect.github.com/elastic/apm-agent-nodejs) | dependencies | patch | [`^4.11.1` -> `^4.11.2`](https://renovatebot.com/diffs/npm/elastic-apm-node/4.11.1/4.11.2) |
---
### Release Notes
<details>
<summary>elastic/apm-agent-nodejs (elastic-apm-node)</summary>
### [`v4.11.2`](https://redirect.github.com/elastic/apm-agent-nodejs/releases/tag/v4.11.2)
[Compare Source](https://redirect.github.com/elastic/apm-agent-nodejs/compare/v4.11.1...v4.11.2)
For more information, please see the
[changelog](https://www.elastic.co/guide/en/apm/agent/nodejs/current/release-notes-4.x.html#release-notes-4.11.2).
##### Elastic APM Node.js agent layer ARNs
|Region|ARN|
|------|---|
|af-south-1|arn:aws:lambda:af-south-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-east-1|arn:aws:lambda:ap-east-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-northeast-1|arn:aws:lambda:ap-northeast-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-northeast-2|arn:aws:lambda:ap-northeast-2:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-northeast-3|arn:aws:lambda:ap-northeast-3:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-south-1|arn:aws:lambda:ap-south-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-southeast-1|arn:aws:lambda:ap-southeast-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-southeast-2|arn:aws:lambda:ap-southeast-2:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ap-southeast-3|arn:aws:lambda:ap-southeast-3:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|ca-central-1|arn:aws:lambda:ca-central-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|eu-central-1|arn:aws:lambda:eu-central-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|eu-north-1|arn:aws:lambda:eu-north-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|eu-south-1|arn:aws:lambda:eu-south-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|eu-west-1|arn:aws:lambda:eu-west-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|eu-west-2|arn:aws:lambda:eu-west-2:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|eu-west-3|arn:aws:lambda:eu-west-3:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|me-south-1|arn:aws:lambda:me-south-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|sa-east-1|arn:aws:lambda:sa-east-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|us-east-1|arn:aws:lambda:us-east-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|us-east-2|arn:aws:lambda:us-east-2:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|us-west-1|arn:aws:lambda:us-west-1:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
|us-west-2|arn:aws:lambda:us-west-2:267093732750:layer:elastic-apm-node-ver-4-11-2:1|
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
## Summary
Closes #213294
This PR replaces the custom theme switcher in favor of the native
toolbar customization SB has integrated.
Also removed `@storybook/icons` which was only used in the theme
switcher component.
## How to test
1. Run `yarn storybook <plugin>`
2. You should be able to change between themes on the toolbar.
## Summary
With #212397 we added 2 tests for Discover app (loading `/app/discover`)
to track:
- js bundles loaded on page
- perf metrics like CPU time, Layout time and Script time fetched with
CDP Performance Domain API
While the first test for bundles _didn't report any failures_, second
test to validate Perf metrics fails periodically:
https://buildkite.com/elastic/kibana-on-merge-unsupported-ftrs/builds/34729#0195a4de-6cd5-4d1e-be11-5d02be6de2b0
```
Error: CPU time (seconds) usage during page navigation should not exceed 1.5 seconds
expect(received).toBeLessThan(expected)
Expected: < 1.5
Received: 1.591343
```
https://buildkite.com/elastic/kibana-on-merge-unsupported-ftrs/builds/34877
```
Error: Additional time spent executing JS scripts should not exceed 0.5 second
expect(received).toBeLessThan(expected)
Expected: < 0.5
Received: 0.601434
```
https://buildkite.com/elastic/kibana-on-merge-unsupported-ftrs/builds/34899
```
Error: Total layout computation time should not exceed 0.06 second
expect(received).toBeLessThan(expected)
Expected: < 0.06
Received: 0.061723
```
https://buildkite.com/elastic/kibana-on-merge-unsupported-ftrs/builds/34912#0195adb8-4536-42b7-ab4d-524535fdad9a
```
Error: Additional time spent executing JS scripts should not exceed 0.5 second
expect(received).toBeLessThan(expected)
Expected: < 0.5
Received: 0.561259
```
It was worth an experiment, but due to flakiness we decided to keep only
bundles limits validation for now and see if it is stable in the long
run.
If Data-Discovery team has interest in collecting Perf metrics without
strict validation in PRs, we can discuss the options. Alternatively we
can wait for Scout GA and you can deep dive into your own performance
testing with Playwright/CDP.