mirror of
https://github.com/elastic/kibana.git
synced 2025-04-23 17:28:26 -04:00
46536 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
David Sánchez
|
87e2edd599
|
[Security Solution] [Defend Workflows] Enables skipped tests in 9.0 (#213399)
## Summary Enables skipped tests in 9.0 and previous stack versions. closes: https://github.com/elastic/kibana/issues/180401 closes: https://github.com/elastic/kibana/issues/203894 closes: https://github.com/elastic/kibana/issues/205141 closes: https://github.com/elastic/kibana/issues/206204 closes: https://github.com/elastic/kibana/issues/209056 closes: https://github.com/elastic/kibana/issues/209064 closes: https://github.com/elastic/kibana/issues/209063 closes: https://github.com/elastic/kibana/issues/209066 closes: https://github.com/elastic/kibana/issues/209065 This one will be tracked in a follow up pr: https://github.com/elastic/kibana/issues/203916 --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> |
||
Shahzad
|
9100170e29
|
[Synthetics] Refactor: Create monitor configs repository !! (#202325)
## Summary Create monitor configs repository around monitor saved object to make sure all operations are performed from same class. This will be helpful when we create a new saved object to support multiple-spaces !! ### Testing All unit tests, api tests passing should be more than enough !! --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
Marco Liberati
|
b0ef1e6365
|
[Maps][Choropleth Map] Mark fields as required (#213923)
## Summary Fixes #197904 Configure both dimensions in the choropleth map as required. <img width="330" alt="Screenshot 2025-03-11 at 14 51 46" src="https://github.com/user-attachments/assets/65a7d3a4-2850-474c-a4e1-db0aca4307d3" /> <img width="371" alt="Screenshot 2025-03-11 at 14 51 28" src="https://github.com/user-attachments/assets/ad6e3aea-6c94-4dec-bd76-d5cc75c07744" /> |
||
Søren Louv-Jansen
|
5c5b6ebc8a
|
[Obs AI Assistant] Ensure semantic query contribute to score (#213870)
Closes https://github.com/elastic/kibana/issues/213869 Regression introduced in 8.17 (https://github.com/elastic/kibana/pull/200184/) #### **Fix** Semantic queries were incorrectly wrapped in a `filter` context, preventing them from contributing to scoring. This PR removes the `filter` wrapper so that semantic queries run in query context and influence ranking. This also replaces the `semantic` query with a `match` query. This is necessary because `fieldCaps` api no longer returns `semantic_text` when filtering with `GET animals_kb/_field_caps?fields=*&types=semantic_text`. Instead we need to retrieve text fields and perform the search against all of them. |
||
|
Marco Liberati
|
14b0c611b1
|
[Lens][Embeddable] Fix unnecessary rerender on view mode change (#213902)
## Summary Fixes #203020 Improve drill down check before triggering a rerender. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios |
||
Cristina Amico
|
382630ecd1
|
[Fleet] Add ssl fields to agent binary source settings (#213211)
closes https://github.com/elastic/kibana/issues/207324 follow up of https://github.com/elastic/kibana/issues/207322 ## Summary Add ssl fields to agent binary source settings. The new fields allow users to set a TLS connection to the agent binary source uri. - The cert key will be stored either as an encrypted SO or a secret (latter option will be available once fleet server will have this functionality: https://github.com/elastic/fleet-server/issues/4470). - The secret field is only available when the feature flag `enableSSLSecrets` is enabled, otherwise the cert key is saved as an encrypted SO. <details> <summary>Screenshots</summary> <img width="809" alt="Screenshot 2025-03-11 at 14 53 44" src="https://github.com/user-attachments/assets/e93a04cf-c699-4e13-8cb6-870986197f92" /> <img width="804" alt="Screenshot 2025-03-11 at 14 53 34" src="https://github.com/user-attachments/assets/c2c13c8f-e65c-4843-a538-d317e1359bf0" /> Generated policy: <img width="797" alt="Screenshot 2025-03-06 at 17 43 02" src="https://github.com/user-attachments/assets/12411fea-9a8b-4ee9-aa7c-123c6aefea4a" /> </details> ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
Pierre Gayvallet
|
ed7178674c
|
Use inferenceChatModel for playground (#210756)
## Summary Part of https://github.com/elastic/kibana/issues/206710 Wire the new `InferenceChatModel` into playground. Please refer to https://github.com/elastic/kibana/pull/210756 for the reasons behind that change. ### testing Tested with all 4 supported connectors: <img width="1673" alt="Screenshot 2025-02-12 at 10 32 43" src="https://github.com/user-attachments/assets/45d76fc1-79c5-4e17-bc4d-4f7aa173f892" /> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
Ido Cohen
|
f4c9a700d5
|
Agentless Telemetry | ||
Elena Shostak
|
78fb6883f1
|
[Authz]: added authorization opt-out reason for monitoring routes (#213884)
## Summary Added authorization opt-out reason for monitoring routes. ### Checklist - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) |
||
|
Shahzad
|
40dd061823
|
[Synthetics] Fix service name usage from project monitors !! (#212229)
## Summary In support of https://github.com/elastic/synthetics/pull/974 Fix service name usage from project monitors !! <img width="1728" alt="image" src="https://github.com/user-attachments/assets/cb88cb9c-f4a2-41e9-a869-96c25d14ec67" /> |
||
Paulo Silva
|
5f05349930
|
[Asset Inventory] Onboarding No Data Found component (#213506)
## Summary It closes #210715 This PR introduces the No Data Found onboarding screen, which displays the Asset Inventory Enabled success callout and the Integrations Card Grid component from Security Onboarding. Success Callout visibility is stored in local storage for persisting visibility dismissal, also, the callout is only enabled for the user who initiated the enablement. This PR also includes: - Moving the renderWithTestProvider into a reusable function - Moving some onboarding test subj to the constants file - Added the missing test file for the navigation onboarding screen. **Note:** Customization of the Integrations Card Grid component for asset inventory will be done in a separate task. ## Recording https://github.com/user-attachments/assets/e8f4b363-7d31-4bd8-a2d3-d234f4a0b34b |
||
Patryk Kopyciński
|
0b9cceb574
|
[Attack discovery] Fix error handling in LM studio (#213855)
## Summary Error were not properly propagated to the user and instead of meaningful message we were displaying just `API Error`. <img width="1813" alt="Zrzut ekranu 2025-03-11 o 03 47 59" src="https://github.com/user-attachments/assets/8d059159-f020-4944-a463-b10799e7fa46" /> Steps to reproduce, Thank you @andrew-goldstein 🙇 **Desk testing** To reproduce: 1. In LM Studio, download the `MLX` variant (optimized for Mac) of `Llama-3.2-3B-Instruct-4bit`: ``` mlx-community/Llama-3.2-3B-Instruct-4bit ``` 2. Configure the model to have a context length of `131072` tokens, as illustrated by the screenshot below:  3. Serve ONLY the model above in LM Studio. (Ensure no other models are running in LM Studio), as illustrated by the screenshot below:  4. Configure a connector via the details in <https://www.elastic.co/guide/en/security/current/connect-to-byo-llm.html> but change: ``` local-model ``` to the name of the model when configuring the connector: ``` llama-3.2-3b-instruct ``` as illustrated by the screenshot below:  5. Generate Attack discoveries **Expected results** - Generation does NOT fail with the error described in the later steps below. - Progress on generating discoveries is visible in Langsmith, as illustrated by the screenshot below:  Note: `Llama-3.2-3B-Instruct-4bit` may not reliably generate Attack discoveries, so generation may still fail after `10` generation / refinement steps. 6. In LM studio, serve a _second_ model, as illustrated by the screenshot below:  7. Once again, generate Attack discoveries **Expected results** - Generation does NOT fail with the errors below - Progress on generating discoveries is visible in Langsmith, though as noted above, generation may still fail after `10` attempts if the model does not produce output that conforms to the expected schema **Actual results** - Generation fails with an error similar to: ``` generate node is unable to parse (openai) response from attempt 0; (this may be an incomplete response from the model): Status code: 400. Message: API Error: Bad Request: ActionsClientLlm: action result status is error: an error occurred while running the action - Status code: 400. Message: API Error: Bad Request, ``` or ``` generate node is unable to parse (openai) response from attempt 0; (this may be an incomplete response from the model): Status code: 404. Message: API Error: Not Found - Model "llama-3.2-3b-instruct" not found. Please specify a valid model. ``` as illustrated by the following screenshot:  |
||
Lisa Cawley
|
86ddd8cf3a
|
[DOCS] Add APM rule parameter descriptions (#213186) | ||
Ryan Keairns
|
82eea41ddf
|
Update login graphics (#213639)
## Summary The Kibana login page has been using outdated brand graphics for some time. This PR updates the SVGs to match those used on the Cloud login page in addition to a couple of style tweaks that bring further consistency. _Note_: Moving the Elastic logo up to the left - and using the version with 'elastic' - is potentially disruptive as we allow customers to set a custom logo which presumes the centered layout. Something to consider changing later. **Before**  **After**  -------- **Cloud (for reference)**  **elastic.co (for reference)**  ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... |
||
Kibana Machine
|
2995f2677d | skip failing test suite (#214029) | ||
Rodney Norris
|
59bf352f0a
|
[Search] refactor(search_playground): use routes for playground views (#213976)
## Summary Updated playground rendering to utilize routes for when to render query vs preview and search vs chat instead of maintain state for both of these. The page mode was controled by both a route and state, but now it's always read from a route parameter instead of using state. This is to cleanup how we decide what to render in the playground overview component and make it easier to reason about what is being shown. ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> |
||
|
Lisa Cawley
|
b27f9aa5f0
|
Add minimal user session management API docs (#212576) | ||
Maxim Palenov
|
f7d4f19096
|
[Security Solution] Enable prebuilt rules customization feature flag (#212761)
**Addresses:** https://github.com/elastic/kibana/issues/180267 ## Summary This PR enables `prebuiltRulesCustomizationEnabled` feature flag. ## Details Besides simply enabling `prebuiltRulesCustomizationEnabled` feature flag the following required changes were done - failed tests due enabling the FF were fixed - FF setting was removed from test configurations (integrations and Cypress tests) - FF logic was removed from the codebase. Disabling the FF would require roll back test changes as well. So just in case we have to disable the FF it's simpler to roll back the PR's commit. |
||
|
Søren Louv-Jansen
|
3ed6e4583e
|
[Obs AI Assistant] Add API test for execute_query tool (#213517)
- Adds test for `execute_query` function - Add `drop_null_columns` to esql query in order to avoid column explosion Depends on: https://github.com/elastic/kibana/pull/213231 --------- Co-authored-by: Viduni Wickramarachchi <viduni.ushanka@gmail.com> |
||
|
Lisa Cawley
|
e2772d8dc5
|
[ResponseOps][DOCS] Add stack rule parameter descriptions (#213185) | ||
elastic-renovate-prod[bot]
|
238324a198
|
Update dependency peggy to v4 (main) (#212280)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [peggy](https://peggyjs.org/)
([source](https://redirect.github.com/peggyjs/peggy)) | devDependencies
| major | [`^1.2.0` ->
`^4.2.0`](https://renovatebot.com/diffs/npm/peggy/1.2.0/4.2.0) |
---
### Release Notes
<details>
<summary>peggyjs/peggy (peggy)</summary>
###
[`v4.2.0`](https://redirect.github.com/peggyjs/peggy/blob/HEAD/CHANGELOG.md#420)
[Compare
Source](https://redirect.github.com/peggyjs/peggy/compare/v4.1.1...v4.2.0)
Released: 2024-11-19
##### New features
- [#​568](https://redirect.github.com/peggyjs/peggy/pull/568)
Upgrading to TypeScript 5.6 allowed for generating `parser.d.ts`, which
should may help people that use Peggy programmatically in nonstandard
ways.
##### Bug fixes
- [#​567](https://redirect.github.com/peggyjs/peggy/issues/567)
Load config files and plugins correctly on Windows by using file: URIs
in import().
##### Documentation
- [#​566](https://redirect.github.com/peggyjs/peggy/pull/566)
Slight tweaks to document generation.
###
[`v4.1.1`](https://redirect.github.com/peggyjs/peggy/releases/tag/v4.1.1)
[Compare
Source](https://redirect.github.com/peggyjs/peggy/compare/v4.0.3...v4.1.1)
v4.1.0 did not actually get published due to a workflow issue that
should
be sorted out now.
##### New features
- [#​477](https://redirect.github.com/peggyjs/peggy/issues/477)
Option to output .d.ts files next to .js from CLI.
- [#​530](https://redirect.github.com/peggyjs/peggy/issues/531)
Allow es6 plugins from CLI
- [#​532](https://redirect.github.com/peggyjs/peggy/issues/532)
Allow es6 options files from the CLI
##### Bug fixes
- [#​531](https://redirect.github.com/peggyjs/peggy/issues/531)
Clean up rollup hacks from CLI code.
- [#​514](https://redirect.github.com/peggyjs/peggy/issues/514)
Allow execution of the `peggy` binary on Windows by handling node
runtime flags manually, executing a sub-instance of node to actually run
`peggy`.
- [#​538](https://redirect.github.com/peggyjs/peggy/pull/509)
Fixed error in TS types for `peg$maxFailExpected` and `peg$maxFailPos`.
- [#​551](https://redirect.github.com/peggyjs/peggy/pull/551)
Moved to package-extract instead of a custom script for version file
generation.
###
[`v4.0.3`](https://redirect.github.com/peggyjs/peggy/blob/HEAD/CHANGELOG.md#403)
[Compare
Source](https://redirect.github.com/peggyjs/peggy/compare/v4.0.2...v4.0.3)
Released: 2024-06-19
##### New features
- [#​509](https://redirect.github.com/peggyjs/peggy/pull/509) Add
and implement ES6 export button
##### Bug fixes
- [#​493](https://redirect.github.com/peggyjs/peggy/issues/493)
Allow use of an empty
array, null, or undefined as allowedStartRules option
- [#​505](https://redirect.github.com/peggyjs/peggy/pull/505) Fix
vscode-eslint settings
to work with eslint flat config
- [#​507](https://redirect.github.com/peggyjs/peggy/pull/507)
Remove stray semicolon in CSS
- [#​508](https://redirect.github.com/peggyjs/peggy/pull/508) Fix
broken text input in
web version
- [#​512](https://redirect.github.com/peggyjs/peggy/issues/512)
Add "StartRules" to peg.d.ts
- [#​513](https://redirect.github.com/peggyjs/peggy/issues/513)
Allow whitespace between
plucked word and its pattern.
- [#​520](https://redirect.github.com/peggyjs/peggy/issues/520)
Grammar with token "constructor" fails to generate
- [#​522](https://redirect.github.com/peggyjs/peggy/issues/522)
Switched from puppeteer
to playwright for web tests, and added them to CI.
##### Documentation
- [#​506](https://redirect.github.com/peggyjs/peggy/pull/506)
Added END OF INPUT (`!.`).
###
[`v4.0.2`](https://redirect.github.com/peggyjs/peggy/blob/HEAD/CHANGELOG.md#402)
[Compare
Source](https://redirect.github.com/peggyjs/peggy/compare/v4.0.1...v4.0.2)
Released: 2024-02-26
##### Bug fixes
- [#​490](https://redirect.github.com/peggyjs/peggy/issues/490)
Throw error when imports are used in unsupported formats. Supported
formats are now only "es" and "commonjs".
- [#​494](https://redirect.github.com/peggyjs/peggy/pull/494)
Updated docs to make `--allowedRules *` more clear
- [#​495](https://redirect.github.com/peggyjs/peggy/issues/495)
from-mem inadvertantly
made the minimum supported node version v20.8. Updated to latest
from-mem.
###
[`v4.0.1`](https://redirect.github.com/peggyjs/peggy/blob/HEAD/CHANGELOG.md#401)
[Compare
Source](https://redirect.github.com/peggyjs/peggy/compare/v4.0.0...v4.0.1)
Released: 2024-02-23
##### Bug fixes
- [#​478](https://redirect.github.com/peggyjs/peggy/issues/478)
Add "npx" to some doc
examples.
- [#​479](https://redirect.github.com/peggyjs/peggy/issues/479)
Refactor `cli/fromMem.js` into separate project
[from-mem](https://redirect.github.com/peggyjs/from-mem/).
- [#​481](https://redirect.github.com/peggyjs/peggy/issues/481)
Add CLI test for
\--library
- [#​483](https://redirect.github.com/peggyjs/peggy/issues/483)
fix errors in
typescript file.
###
[`v4.0.0`](https://redirect.github.com/peggyjs/peggy/blob/HEAD/CHANGELOG.md#400)
[Compare
Source](https://redirect.github.com/peggyjs/peggy/compare/v3.0.2...v4.0.0)
Released: 2024-02-13
##### Major Changes
- [#​379](https://redirect.github.com/peggyjs/peggy/issues/379)
Fix infinite recursion
issue by moving reportInfiniteRecursion to the new prepare pass, and
having
it fail after finding the first issue. This will require plugin authors
to ensure that reportInfiniteRecursion is in the new pass correctly.
- [#​417](https://redirect.github.com/peggyjs/peggy/pull/417)
BREAKING: change to AST to
allow topLevelInitializer and initializer to be arrays, in support of
multi-file inputs. This will require plugin updates. The CLI and API now
take multiple files as input, where the first file is your main library,
and
subsequent files consist of a library of other rules. The CLI can take
file
names of the form `npm:<package-name>/<filename>` to load library rules
from
an NPM package that is installed relative to the previous non-npm file
name,
or to the current working directory if this is the first file name.
- [#​420](https://redirect.github.com/peggyjs/peggy/pull/420)
BREAKING: Node v16+ is now
required for running the CLI or using Peggy as a library. Generated code
still targets older runtimes.
- [#​456](https://redirect.github.com/peggyjs/peggy/pull/456)
BREAKING: Allow imports
from external compiled grammars inside a source grammar, using `import
{rule} from "external.js"`. Note that this syntax will generate either
`import` or `require` in the JavaScript output, depending on the value
of
the `format` parameter. This will need explicit support from
plugins, with a few new AST node types and a few visitor changes.
- [#​463](https://redirect.github.com/peggyjs/peggy/issues/463)
Drop support for
Internet Explorer. Move to eslint flat configs in order to lint
minimized
browser code for compatibility with
`defaults, maintained node versions, not op_mini all`.
##### Minor Changes
- [#​400](https://redirect.github.com/peggyjs/peggy/pull/400) Use
`@generated` in generated
code
- [#​404](https://redirect.github.com/peggyjs/peggy/issues/404)
Add support for -w/--watch
to the command line interface.
- [#​415](https://redirect.github.com/peggyjs/peggy/issues/415)
Added `browser` key to package.json, pointing to Webpack output.
- [#​420](https://redirect.github.com/peggyjs/peggy/pull/420)
Updated dependencies to
avoid audit warnings.
- [#​425](https://redirect.github.com/peggyjs/peggy/pull/425) Add
a pass to simplify single-character choices
- [#​427](https://redirect.github.com/peggyjs/peggy/pull/427)
Avoid double extraction of
substrings in various MATCH\_ bytecodes
- [#​430](https://redirect.github.com/peggyjs/peggy/pull/430) Make
generate-js.js ts clean
- [#​432](https://redirect.github.com/peggyjs/peggy/pull/432) Add
peggy.code-workspace
- [#​435](https://redirect.github.com/peggyjs/peggy/pull/435)
Setup tsconfig to detect use of library functions from es6 or later
- [#​436](https://redirect.github.com/peggyjs/peggy/pull/436) Get
rid of tsd
- [#​437](https://redirect.github.com/peggyjs/peggy/pull/437)
Better type checking for visitor
- [#​438](https://redirect.github.com/peggyjs/peggy/pull/438) Make
test build deterministic
- [#​439](https://redirect.github.com/peggyjs/peggy/pull/439) Make
peg$computePosDetails a little faster
- [#​440](https://redirect.github.com/peggyjs/peggy/issues/440)
Create directories for
output and source-map if they do not exist, rather than erroring.
- [#​446](https://redirect.github.com/peggyjs/peggy/pull/446) Add
a right-associative `ExponentiationExpression` rule (operator `**`) to
`javascript.pegjs` example grammar.
- [#​451](https://redirect.github.com/peggyjs/peggy/pull/451) Make
stack.js ts clean
- [#​452](https://redirect.github.com/peggyjs/peggy/pull/452)
Fixes to prepare generate-bytecode.js for ts-check
- [#​453](https://redirect.github.com/peggyjs/peggy/pull/453) Make
generate-bytecode.js ts-clean
- [#​460](https://redirect.github.com/peggyjs/peggy/pull/453)
Allow `-t` and `-T` testing
from the CLI with `--format es`.
##### Bug Fixes
- [#​405](https://redirect.github.com/peggyjs/peggy/pull/405) Doc
example doesn't correspond to code example. From
[@​hildjj](https://redirect.github.com/hildjj)
- [#​415](https://redirect.github.com/peggyjs/peggy/issues/415)
Make docs match reality with `import`.
- [#​426](https://redirect.github.com/peggyjs/peggy/pull/426) Fix
typo in XML example.
- [#​434](https://redirect.github.com/peggyjs/peggy/issues/434)
Fixed bad example in docs.
- [#​445](https://redirect.github.com/peggyjs/peggy/issues/415)
Fix indentation in `examples/javascript.pegjs`.
- [#​450](https://redirect.github.com/peggyjs/peggy/issues/450)
Fixed misleading documentation.
- [#​466](https://redirect.github.com/peggyjs/peggy/issues/466)
Add docs for developers.
###
[`v3.0.2`](https://redirect.github.com/peggyjs/peggy/blob/HEAD/CHANGELOG.md#302)
[Compare
Source](https://redirect.github.com/peggyjs/peggy/compare/v3.0.1...v3.0.2)
Released: 2023-03-21
##### Minor Changes
- [#​392](https://redirect.github.com/peggyjs/peggy/issues/392)
Removed the --optimize
command line argument, which has been invalid since v1.2. From
[@​hildjj](https://redirect.github.com/hildjj).
##### Bug Fixes
- [#​371](https://redirect.github.com/peggyjs/peggy/issues/371)
Error using online Peggy - "Can't find variable: util". From
[@​hildjj](https://redirect.github.com/hildjj).
- [#​374](https://redirect.github.com/peggyjs/peggy/issues/374)
CLI throws exception
on grammar errors. From
[@​hildjj](https://redirect.github.com/hildjj)
- [#​381](https://redirect.github.com/peggyjs/peggy/issues/381)
Repetitions with code blocks
for min or max not handling non-integer returns correctly. From
[@​hildjj](https://redirect.github.com/hildjj).
- [#​382](https://redirect.github.com/peggyjs/peggy/pull/382)
Update grammarSource
documentation. From
[@​AndrewRayCode](https://redirect.github.com/AndrewRayCode).
- [#​384](https://redirect.github.com/peggyjs/peggy/issues/384)
Improve the error.format()
documentation. From
[@​AndrewRayCode](https://redirect.github.com/AndrewRayCode).
- [#​386](https://redirect.github.com/peggyjs/peggy/issues/386)
Ensure '\*' as
allowed-start-rule is documented for CLI. From
[@​hildjj](https://redirect.github.com/hildjj).
###
[`v3.0.1`](https://redirect.github.com/peggyjs/peggy/blob/HEAD/CHANGELOG.md#301)
[Compare
Source](https://redirect.github.com/peggyjs/peggy/compare/v3.0.0...v3.0.1)
Released: 2022-03-05
##### Minor Changes
- [#​329](https://redirect.github.com/peggyjs/peggy/issues/329)
Allow plugin options in
generate. This change loosens type checking strictness to allow for
options
unknown to Peggy, but used by plugins such as ts-pegjs. From
[@​hildjj](https://redirect.github.com/hildjj).
##### Bug Fixes
- [#​329](https://redirect.github.com/peggyjs/peggy/issues/329)
Allow type definition for ParserBuildOptions to include plugin options.
From [@​hildjj](https://redirect.github.com/hildjj).
- [#​346](https://redirect.github.com/peggyjs/peggy/issues/346)
Allow extra semicolons
between rules. From
[@​hildjj](https://redirect.github.com/hildjj).
- [#​347](https://redirect.github.com/peggyjs/peggy/issues/347)
Disallow '$' as an initial
character in identifiers. This is not a breaking change because no
grammar
could have successfully used these in the past. From
[@​hildjj](https://redirect.github.com/hildjj).
- [#​354](https://redirect.github.com/peggyjs/peggy/pull/354)
Various minor nits in the
docs, including indentation and ensuring that the CNAME file is correct.
- [#​357](https://redirect.github.com/peggyjs/peggy/issues/357)
Fix infinite recursion
possibility in repetition delimeters. From
[@​hildjj](https://redirect.github.com/hildjj) and
[@​Mingun](https://redirect.github.com/Mingun).
- [#​359](https://redirect.github.com/peggyjs/peggy/issues/359) Do
not treat as many
words as reserved. Clarify the documentation about identifiers. Ensure
that it is more clear that the target language being generated
determines
what words are reserved. Clarify that reserved word checking is only
done for labels. From [@​nene](https://redirect.github.com/nene).
- [#​364](https://redirect.github.com/peggyjs/peggy/issues/364)
Fix passing an incorrect
external label to the expression inside the `repeated` node. From
[@​Mingun](https://redirect.github.com/Mingun).
###
[`v3.0.0`](https://redirect.github.com/peggyjs/peggy/blob/HEAD/CHANGELOG.md#300)
[Compare
Source](https://redirect.github.com/peggyjs/peggy/compare/v2.0.1...v3.0.0)
Released: 2023-02-21
##### Major Changes
- [#​280](https://redirect.github.com/peggyjs/peggy/issues/280)
Add inline examples to
the documentation, from
[@​hildjj](https://redirect.github.com/hildjj)
- [#​240](https://redirect.github.com/peggyjs/peggy/issues/240)
Generate SourceNodes for
bytecode, from [@​hildjj](https://redirect.github.com/hildjj)
- [#​338](https://redirect.github.com/peggyjs/peggy/pull/338)
BREAKING CHANGE. Update
dependencies, causing minimum supported version of node.js to move to
14.
Generated grammar source should still work on older node versions and
some
older browsers, but testing is currently manual for those. from
[@​hildjj](https://redirect.github.com/hildjj)
- [#​291](https://redirect.github.com/peggyjs/peggy/pull/291): Add
support for
repetition operator `expression|min .. max, delimiter|`, from
[@​Mingun](https://redirect.github.com/Mingun)
- [#​339](https://redirect.github.com/peggyjs/peggy/pull/339):
BREAKING CHANGE. Updated
the list of JavaScript reserved words. This will break existing grammars
that use any of the new words in their rule or label names. from
[@​hildjj](https://redirect.github.com/hildjj)
Important information for plug-in authors: PR
[#​291](https://redirect.github.com/peggyjs/peggy/issues/291)
added 4 new opcodes to the bytecode:
- `IF_LT`
- `IF_GE`
- `IF_LT_DYNAMIC`
- `IF_GE_DYNAMIC`
and added a new AST node and a visitor method `repeated`. Do not forget
to update your plug-ins.
Important information for grammar authors: the following words, which
used to
be valid identifiers for rules and labels, are now treated as JavaScript
reserved words, and will cause errors at compile time if you are using
them:
- abstract
- arguments
- as
- async
- boolean
- byte
- char
- double
- eval
- final
- float
- from
- get
- goto
- int
- long
- native
- of
- set
- short
- synchronized
- throws
- transient
- volatile
##### Minor Changes
- [#​274](https://redirect.github.com/peggyjs/peggy/issues/274)
`"*"` is now a valid `allowedStartRule`, which means all rules are
allowed, from [@​hildjj](https://redirect.github.com/hildjj)
- [#​229](https://redirect.github.com/peggyjs/peggy/issues/229)
new CLI option
`-S <rule>` or `--start-rule <rule>` to specify the start rule when
testing,
from [@​hildjj](https://redirect.github.com/hildjj)
- [#​236](https://redirect.github.com/peggyjs/peggy/issues/236)
Website: show line numbers
in parser input textarea, from
[@​Mingun](https://redirect.github.com/Mingun)
- [#​280](https://redirect.github.com/peggyjs/peggy/issues/280)
new output type
`source-with-inline-map`, which generates source text with an inline
map,
from [@​hildjj](https://redirect.github.com/hildjj)
- [#​285](https://redirect.github.com/peggyjs/peggy/issues/285)
Require that a non-empty
string be given as a grammarSource if you are generating a source map,
from
[@​hildjj](https://redirect.github.com/hildjj)
- [#​206](https://redirect.github.com/peggyjs/peggy/pull/206): New
output type `ast` and
an `--ast` flag for the CLI to get an internal grammar AST for
investigation
(can be useful for plugin writers), from
[@​Mingun](https://redirect.github.com/Mingun)
- [#​294](https://redirect.github.com/peggyjs/peggy/pull/294)
Website: show errors in the
editors, from [@​Mingun](https://redirect.github.com/Mingun)
- [#​297](https://redirect.github.com/peggyjs/peggy/pull/297)
Website: add Discord widget,
from [@​hildjj](https://redirect.github.com/hildjj)
- [#​299](https://redirect.github.com/peggyjs/peggy/issues/299)
Add example grammar for a
[SemVer.org](https://semver.org) semantic version string, from
[@​dselman](https://redirect.github.com/dselman)
- [#​307](https://redirect.github.com/peggyjs/peggy/issues/307)
Allow grammars to have
relative offsets into their source files (e.g. if embedded in another
doc),
from [@​hildjj](https://redirect.github.com/hildjj).
- [#​308](https://redirect.github.com/peggyjs/peggy/pull/308) Add
support for reading test
data from stdin using `-T -`, from
[@​hildjj](https://redirect.github.com/hildjj).
- [#​313](https://redirect.github.com/peggyjs/peggy/pull/313)
Create the website using
eleventy, from
[@​camcherry](https://redirect.github.com/camcherry)
##### Bug Fixes
- [#​283](https://redirect.github.com/peggyjs/peggy/issues/283)
Fix incorrect type
information for DiagnosticCallback, from
[@​hildjj](https://redirect.github.com/hildjj)
- [#​287](https://redirect.github.com/peggyjs/peggy/issues/287)
Allow large outputs
to be received without blocking on the CLI tests, from
[@​hildjj](https://redirect.github.com/hildjj)
###
[`v2.0.1`](https://redirect.github.com/peggyjs/peggy/blob/HEAD/CHANGELOG.md#201)
[Compare
Source](https://redirect.github.com/peggyjs/peggy/compare/v2.0.0...v2.0.1)
Released: 2022-01-01
##### Major Changes
- None
##### Minor Changes
- [#​261](https://redirect.github.com/peggyjs/peggy/pull/261):
Remove documentation from
README.md, instead linking to the HTML documentation. HTML documentation
on
<https://peggyjs.org> is now served from the `docs` branch, so that it
won't
update as we change the `main` branch. `main` must be merged onto `docs`
as
a part of the release process going forward.
- [#​266](https://redirect.github.com/peggyjs/peggy/issues/266):
Expose the private
field `problems` in the `Session` class, from
[@​hildjj](https://redirect.github.com/hildjj).
##### Bug Fixes
- [#​263](https://redirect.github.com/peggyjs/peggy/issues/263):
Broken link to unpkg.
This bug was a symptom of a relatively bad issue in the 2.0.0 release,
where
the web version of peggy was put in the wrong place, and therefore not
tested in the release process. From
[@​hildjj](https://redirect.github.com/hildjj).
###
[`v2.0.0`](https://redirect.github.com/peggyjs/peggy/blob/HEAD/CHANGELOG.md#200)
[Compare
Source](https://redirect.github.com/peggyjs/peggy/compare/v1.2.0...v2.0.0)
Released: 2022-05-28
##### Major Changes
- [#​163](https://redirect.github.com/peggyjs/peggy/pull/163): Add
support for
generating source maps, from
[@​Mingun](https://redirect.github.com/Mingun)
- [#​160](https://redirect.github.com/peggyjs/peggy/pull/160):
Introduce an API for
reporting errors, warnings and information messages from passes. New API
allows reporting several diagnostics at once with intermediate results
checking after each compilation stage, from
[@​Mingun](https://redirect.github.com/Mingun)
- [#​218](https://redirect.github.com/peggyjs/peggy/pull/218): Add
a `sourceMappingURL`
to the generated code, from
[@​hildjj](https://redirect.github.com/hildjj)
- [#​248](https://redirect.github.com/peggyjs/peggy/pull/248):
Remove support for
Node.js version 10. When updating dependencies, too many of the tools we
use no longer work on the Node 10, which went out of security
maintenance
more than a year ago. Added support for Node.js version 18, from
[@​hildjj](https://redirect.github.com/hildjj)
- [#​251](https://redirect.github.com/peggyjs/peggy/pull/251):
Make `commander` and
`source-map-generator` full dependencies. These are not needed for the
pre-packaged web build, but will be used by Node or people that are
doing
their own packaging for the web, from
[@​hildjj](https://redirect.github.com/hildjj)
##### Minor Changes
- [#​167](https://redirect.github.com/peggyjs/peggy/pull/167): New
CLI, from [@​hildjj](https://redirect.github.com/hildjj)
- Backward compatible with the previous
- New -t/--test and -T/--testfile flags to directly test the generated
grammar
- [#​169](https://redirect.github.com/peggyjs/peggy/issues/169):
Expose string escape
functions, `stringEscape()` and `regexpClassEscape()`, from
[@​hildjj](https://redirect.github.com/hildjj)
- [#​175](https://redirect.github.com/peggyjs/peggy/pull/175):
Check allowedStartRules
for validity, from [@​hildjj](https://redirect.github.com/hildjj)
- [#​185](https://redirect.github.com/peggyjs/peggy/pull/185):
Updated eslint rules,
from [@​hildjj](https://redirect.github.com/hildjj)
- [#​196](https://redirect.github.com/peggyjs/peggy/pull/196): Add
example grammars for
XML and source-mapping, from
[@​hildjj](https://redirect.github.com/hildjj)
- [#​204](https://redirect.github.com/peggyjs/peggy/pull/204):
Increase coverage for the
tests, from [@​Mingun](https://redirect.github.com/Mingun)
- [#​210](https://redirect.github.com/peggyjs/peggy/pull/210):
Refactor CLI testing,
from [@​hildjj](https://redirect.github.com/hildjj)
##### Bug fixes
- [#​164](https://redirect.github.com/peggyjs/peggy/pull/164): Fix
some errors in the
typescript definitions, from
[@​Mingun](https://redirect.github.com/Mingun)
- [#​170](https://redirect.github.com/peggyjs/peggy/issues/170):
Add
missing argument in function call, from
[@​darlanalves](https://redirect.github.com/darlanalves)
- [#​182](https://redirect.github.com/peggyjs/peggy/issues/182):
Fix typo in
documentation, from
[@​zargold](https://redirect.github.com/zargold)
- [#​197](https://redirect.github.com/peggyjs/peggy/pull/197): Fix
a regression of
redundant commas in the character classes in the error messages,
introduced
in
[`fad4ab7`](
|
||
Nathan Reese
|
99d8400328
|
move static presentationUtil code into package @kbn/expression-utils (#213659)
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> |
||
Mason Herron
|
35bfbf0484
|
[Fleet] Add integrations page gate (#213637)
Closes [#4169](https://github.com/elastic/ingest-dev/issues/4169) ## Summary  Ths PR fixes an issue with integrations not being gated by authentication rules by adding an auth check and returning error card if the user doesnt have appropriate permissions. - Moves `errors` layout file from fleet application to shared layouts for both fleet and integrations - Adds `callingApplication` prop to `permissionError` component to properly display verbiage based on application its being used in - Updated `fleet` application to have its own check when visiting the `add-integrations` path that checks for appropriate permissions. Uses `integrations.all` for check. - Updated verbiage on error component with `guideLink` - Adds top-level permission check on `integrations` application to ensure user has permissions by using `integrations.read || fleet.all` (may need to be extended in the future to make it more robust) ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ### Identify risks N/A --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|
Lisa Cawley
|
37a0a69d43
|
[DOCS] Add minimalistic feature API docs (#212559) | ||
Marshall Main
|
323cbdb9cd
|
[Detection Engine] Add apm context info for security rule executions (#211088)
## Summary Adds extra labels and context for security rule executions. Follow up work will add more context specific to the different security rule type. This PR focuses on capturing information about the configuration in logic shared across all rule types. The info collected is generally intended for use to narrow down _why_ a rule might be performing poorly. The `rule_id` param is collected so we can aggregate and identify prebuilt rules that perform poorly across many environments and ask the TRaDE team to help tune the rule query/config. ## Testing  1. Spin up an Observability cluster on cloud.elastic.co 2. Setup your local cluster to send APM data to the cloud cluster ``` elastic: apm: active: true serverUrl: <apm url from cloud console> secretToken: <secret token> ``` To find the secret token, login to Kibana on your cloud obs cluster and go to `Management -> Fleet -> Elastic cloud agent policy -> Elastic APM -> Agent Authorization -> Secret token` 3. Run rules in your local test environment. Observe APM data in the cloud cluster ## Uses In addition to debugging, we can use this new apm data to create dashboards like the screenshot below, showing the slowest rules by `rule_id` (only one rule in the test environment, but in production this would show the slowest rules across all apm enabled clusters).  --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|
Maxim Palenov
|
d01b9c6911
|
[Security Solution] Disallow merging critical rule field values upon rule upgrade when base version is missing (#213757)
## Summary
This PR makes changes to force target version for critical rule fields upon upgrade when rule's base version isn't found.
## Details
In case of missing base version rule upgrade diff algorithm isn't able to detect rule customizations. The only thing it's able to determine is different current and target field values. It tries to merge mergeable fields whenever possible. In fact mergeable fields are only scalar arrays. There are 4 fields processed that way
- `tags`
- `references`
- `threat_index`
- `new_terms`
However, `threat_index` and `new_terms` are critical rule fields impacting what alerts rule is gonna generate. Auto-merged values have much higher chance to be improper.
This PR **changes** the current behavior for `threat_index` and `new_terms`. It forces target field version when base rule version isn't found.
## How to test
To test this fix an updated prebuilt rule asset should be created. Follow the next steps for that
- Start fresh ES and Kibana (clear any ES data before)
- Open Rules Management page to install the latest prebuilt rules package (`8.17.6` currently)
- Install a threat match rule (e.g. `Threat Intel Hash Indicator Match`) and a new terms rule (e.g. `AWS EC2 Route Table Modified or Deleted`)
- Create new prebuilt rule assets. You may copy and paste suggested queries below. Make sure to run them under `system_indicies_superuser`/`changeme` user.
<details>
<summary>PUT a new Threat Match prebuilt rule asset</summary>
```
PUT .kibana_security_solution/_doc/security-rule:aab184d3-72b3-4639-b242-6597c99d8bca_10
{
"security-rule": {
"author": [
"Elastic"
],
"description": "This rule is triggered when a hash indicator from the Threat Intel Filebeat module or integrations has a match against an event that contains file hashes, such as antivirus alerts, process creation, library load, and file operation events.",
"from": "now-65m",
"index": [
"auditbeat-*",
"endgame-*",
"filebeat-*",
"logs-*",
"winlogbeat-*"
],
"interval": "1h",
"language": "kuery",
"license": "Elastic License v2",
"name": "Threat Intel Hash Indicator Match",
"note": """## Triage and analysis
### Investigating Threat Intel Hash Indicator Match
Threat Intel indicator match rules allow matching from a local observation, such as an endpoint event that records a file hash with an entry of a file hash stored within the Threat Intel integrations index.
Matches are based on threat intelligence data that's been ingested during the last 30 days. Some integrations don't place expiration dates on their threat indicators, so we strongly recommend validating ingested threat indicators and reviewing match results. When reviewing match results, check associated activity to determine whether the event requires additional investigation.
This rule is triggered when a hash indicator from the Threat Intel Filebeat module or an indicator ingested from a threat intelligence integration matches against an event that contains file hashes, such as antivirus alerts, file operation events, etc.
> **Note**:
> This investigation guide uses the [Osquery Markdown Plugin](https://www.elastic.co/guide/en/security/current/invest-guide-run-osquery.html) introduced in Elastic Stack version 8.5.0. Older Elastic Stack versions will display unrendered Markdown in this guide.
#### Possible investigation steps
- Gain context about the field that matched the local observation. This information can be found in the `threat.indicator.matched.field` field.
- Investigate the hash , which can be found in the `threat.indicator.matched.atomic` field:
- Search for the existence and reputation of the hash in resources like VirusTotal, Hybrid-Analysis, CISCO Talos, Any.run, etc.
- Scope other potentially compromised hosts in your environment by mapping hosts with file operations involving the same hash.
- Identify the process that created the file.
- Investigate the process execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.
- Enrich the information that you have right now by determining how the file was dropped, where it was downloaded from, etc. This can help you determine if the event is part of an ongoing campaign against the organization.
- Retrieve the involved file and examine the host for derived artifacts that indicate suspicious activities:
- Analyze the process executable using a private sandboxed analysis system.
- Observe and collect information about the following activities in both the sandbox and the alert subject host:
- Attempts to contact external domains and addresses.
- Use the Elastic Defend network events to determine domains and addresses contacted by the subject process by filtering by the process' `process.entity_id`.
- Examine the DNS cache for suspicious or anomalous entries.
- !{osquery{"label":"Osquery - Retrieve DNS Cache","query":"SELECT * FROM dns_cache"}}
- Use the Elastic Defend registry events to examine registry keys accessed, modified, or created by the related processes in the process tree.
- Examine the host services for suspicious or anomalous entries.
- !{osquery{"label":"Osquery - Retrieve All Services","query":"SELECT description, display_name, name, path, pid, service_type, start_type, status, user_account FROM services"}}
- !{osquery{"label":"Osquery - Retrieve Services Running on User Accounts","query":"SELECT description, display_name, name, path, pid, service_type, start_type, status, user_account FROM services WHERE\nNOT (user_account LIKE '%LocalSystem' OR user_account LIKE '%LocalService' OR user_account LIKE '%NetworkService' OR\nuser_account == null)\n"}}
- !{osquery{"label":"Osquery - Retrieve Service Unsigned Executables with Virustotal Link","query":"SELECT concat('https://www.virustotal.com/gui/file/', sha1) AS VtLink, name, description, start_type, status, pid,\nservices.path FROM services JOIN authenticode ON services.path = authenticode.path OR services.module_path =\nauthenticode.path JOIN hash ON services.path = hash.path WHERE authenticode.result != 'trusted'\n"}}
- Using the data collected through the analysis, scope users targeted and other machines infected in the environment.
### False Positive Analysis
- Adversaries often use legitimate tools as network administrators, such as `PsExec` or `AdFind`. These tools are often included in indicator lists, which creates the potential for false positives.
### Response and Remediation
- Initiate the incident response process based on the outcome of the triage.
- Isolate the involved host to prevent further post-compromise behavior.
- If the triage identified malware, search the environment for additional compromised hosts.
- Implement temporary network rules, procedures, and segmentation to contain the malware.
- Stop suspicious processes.
- Immediately block the identified indicators of compromise (IoCs).
- Inspect the affected systems for additional malware backdoors like reverse shells, reverse proxies, or droppers that attackers could use to reinfect the system.
- Remove and block malicious artifacts identified during triage.
- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.
- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.
- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).
""",
"query": """file.hash.*:* or process.hash.*:* or dll.hash.*:*
""",
"references": [
"https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-threatintel.html",
"https://www.elastic.co/guide/en/security/current/es-threat-intel-integrations.html",
"https://www.elastic.co/security/tip"
],
"required_fields": [
{
"ecs": false,
"name": "dll.hash.*",
"type": "unknown"
},
{
"ecs": false,
"name": "file.hash.*",
"type": "unknown"
},
{
"ecs": false,
"name": "process.hash.*",
"type": "unknown"
}
],
"risk_score": 99,
"rule_id": "aab184d3-72b3-4639-b242-6597c99d8bca",
"setup": """## Setup
This rule needs threat intelligence indicators to work.
Threat intelligence indicators can be collected using an [Elastic Agent integration](https://www.elastic.co/guide/en/security/current/es-threat-intel-integrations.html#agent-ti-integration),
the [Threat Intel module](https://www.elastic.co/guide/en/security/current/es-threat-intel-integrations.html#ti-mod-integration),
or a [custom integration](https://www.elastic.co/guide/en/security/current/es-threat-intel-integrations.html#custom-ti-integration).
More information can be found [here](https://www.elastic.co/guide/en/security/current/es-threat-intel-integrations.html).
""",
"severity": "critical",
"tags": [
"OS: Windows",
"Data Source: Elastic Endgame",
"Rule Type: Threat Match",
"Resources: Investigation Guide"
],
"threat_filters": [
{
"$state": {
"store": "appState"
},
"meta": {
"disabled": false,
"key": "event.category",
"negate": false,
"params": {
"query": "threat"
},
"type": "phrase"
},
"query": {
"match_phrase": {
"event.category": "threat"
}
}
},
{
"$state": {
"store": "appState"
},
"meta": {
"disabled": false,
"key": "event.kind",
"negate": false,
"params": {
"query": "enrichment"
},
"type": "phrase"
},
"query": {
"match_phrase": {
"event.kind": "enrichment"
}
}
},
{
"$state": {
"store": "appState"
},
"meta": {
"disabled": false,
"key": "event.type",
"negate": false,
"params": {
"query": "indicator"
},
"type": "phrase"
},
"query": {
"match_phrase": {
"event.type": "indicator"
}
}
}
],
"threat_index": [
"logs-ti_*"
],
"threat_indicator_path": "threat.indicator",
"threat_language": "kuery",
"threat_mapping": [
{
"entries": [
{
"field": "file.hash.md5",
"type": "mapping",
"value": "threat.indicator.file.hash.md5"
}
]
},
{
"entries": [
{
"field": "file.hash.sha1",
"type": "mapping",
"value": "threat.indicator.file.hash.sha1"
}
]
},
{
"entries": [
{
"field": "file.hash.sha256",
"type": "mapping",
"value": "threat.indicator.file.hash.sha256"
}
]
},
{
"entries": [
{
"field": "dll.hash.md5",
"type": "mapping",
"value": "threat.indicator.file.hash.md5"
}
]
},
{
"entries": [
{
"field": "dll.hash.sha1",
"type": "mapping",
"value": "threat.indicator.file.hash.sha1"
}
]
},
{
"entries": [
{
"field": "dll.hash.sha256",
"type": "mapping",
"value": "threat.indicator.file.hash.sha256"
}
]
},
{
"entries": [
{
"field": "process.hash.md5",
"type": "mapping",
"value": "threat.indicator.file.hash.md5"
}
]
},
{
"entries": [
{
"field": "process.hash.sha1",
"type": "mapping",
"value": "threat.indicator.file.hash.sha1"
}
]
},
{
"entries": [
{
"field": "process.hash.sha256",
"type": "mapping",
"value": "threat.indicator.file.hash.sha256"
}
]
}
],
"threat_query": "@timestamp >= \"now-30d/d\" and event.module:(threatintel or ti_*) and (threat.indicator.file.hash.*:* or threat.indicator.file.pe.imphash:*) and not labels.is_ioc_transform_source:\"true\"",
"timeline_id": "495ad7a7-316e-4544-8a0f-9c098daee76e",
"timeline_title": "Generic Threat Match Timeline",
"timestamp_override": "event.ingested",
"type": "threat_match",
"version": 10
},
"type": "security-rule",
"references": [],
"managed": true,
"coreMigrationVersion": "8.8.0",
"updated_at": "2025-03-11T07:21:44.100Z",
"created_at": "2025-03-11T07:21:44.100Z"
}
```
</details>
<details>
<summary>PUT a new New Terms prebuilt rule asset</summary>
```
PUT .kibana_security_solution/_doc/security-rule:e7cd5982-17c8-4959-874c-633acde7d426_209
{
"security-rule": {
"author": [
"Elastic",
"Austin Songer"
],
"description": "Identifies AWS CloudTrail events where an EC2 route table or association has been modified or deleted. Route table or association modifications can be used by attackers to disrupt network traffic, reroute communications, or maintain persistence in a compromised environment. This is a [New Terms](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-new-terms-rule) rule that detects the first instance of this behavior by the `aws.cloudtrail.user_identity.arn` field in the last 10 days.",
"false_positives": [
"Route Table could be modified or deleted by a system administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Route Table being modified from unfamiliar users should be investigated. If known behavior is causing false positives, it can be exempted from the rule. Also automated processes that use Terraform may lead to false positives."
],
"from": "now-9m",
"history_window_start": "now-10d",
"index": [
"filebeat-*",
"logs-aws.cloudtrail-*"
],
"language": "kuery",
"license": "Elastic License v2",
"name": "AWS EC2 Route Table Modified or Deleted",
"new_terms_fields": [
"test"
],
"note": """## Triage and Analysis
### Investigating AWS EC2 Route Table Modified or Deleted
This rule detects modifications or deletions of AWS route tables using actions such as `ReplaceRoute`, `ReplaceRouteTableAssociation`, `DeleteRouteTable`, `DeleteRoute`, or `DisassociateRouteTable`. These actions may indicate legitimate administrative activity, but they can also be abused by attackers to disrupt network traffic, reroute communications, or maintain persistence in a compromised environment.
#### Possible Investigation Steps
- **Review Request Parameters:**
- Check the `aws.cloudtrail.flattened.request_parameters` field. The sub-fields may vary depending on the `event.action` (e.g., `routeTableId` for `DeleteRouteTable`, `destinationCidrBlock` for `ReplaceRoute`).
- Validate the affected route table, routes, or associations based on the API call:
- For `ReplaceRoute`: Look for changes in specific routes using `destinationCidrBlock`.
- For `ReplaceRouteTableAssociation`: Review the new association details (e.g., subnet ID).
- For `DeleteRouteTable`: Confirm the `routeTableId` of the deleted table.
- For `DisassociateRouteTable`: Verify the disassociated resources.
- **Review User Context**:
- **User Identity**: Inspect the `aws.cloudtrail.user_identity.arn` field to determine the user or role initiating the action. Investigate whether this user is authorized to perform these operations.
- **Access Key ID**: Check the `aws.cloudtrail.user_identity.access_key_id` field to identify if the access key used was expected or potentially compromised.
- **Access Patterns**: Validate whether the user or role has a history of performing route table modifications and whether this aligns with their expected responsibilities.
- **Analyze Request Details**:
- **Action Type**: Verify the specific API call in the `event.action` field (e.g., `ReplaceRoute`, `DeleteRouteTable`) to understand the nature of the modification.
- **Source IP and Geolocation**: Examine the `source.address` and `source.geo` fields to confirm whether the request originated from a trusted location. Suspicious geolocations or IPs may indicate adversarial activity.
- **User Agent**: Review the `user_agent.original` field to determine the tool used for the request (e.g., AWS CLI, Terraform). Unusual or custom user agents may indicate malicious intent.
- **Correlate with Other Activity**:
- **Concurrent API Calls**: Look for related API calls (e.g., `CreateRoute`, `AuthorizeSecurityGroupIngress`, or `ModifyInstanceAttribute`) from the same user or IP to detect broader attack patterns.
- **IAM Changes**: Investigate whether any IAM policy updates or privilege escalation attempts preceded this activity.
- **Unusual Volume of Changes**: Check if the user has performed multiple route table modifications or deletions in a short timeframe.
- **Validate the Intent**:
- **Planned Changes**: Confirm with administrators whether the route table changes were part of a planned update or maintenance activity.
- **Permissions and Justification**: Ensure that the user or role has the least privilege necessary for these actions and that there is a valid reason for modifying the route table.
### False Positive Analysis
- **Routine Administration**: Route table modifications are often part of routine administrative tasks, such as creating new routes, updating associations, or removing unused resources.
- **Automation Tools**: Automated workflows, such as those executed by Terraform or CloudFormation, may trigger these events. Verify whether the `user_agent.original` field or source IP matches known automation tools.
- **Maintenance or Scaling**: Confirm whether these actions align with maintenance activities or scaling events (e.g., adding or removing subnets).
### Response and Remediation
- **Revoke Unauthorized Permissions**: If unauthorized, remove permissions for `ec2:ReplaceRoute`, `ec2:DeleteRouteTable`, or other related actions from the user or role.
- **Restore the Route Table**:
- If critical networking was impacted, restore the route table or reapply previous configurations from backups or Terraform state files.
- Verify connectivity to affected subnets or instances to ensure no disruptions to services.
- **Audit IAM Policies**:
- Limit route table modification permissions to specific trusted users, roles, or automation accounts.
- Implement conditions in IAM policies, such as source IP restrictions, to reduce the risk of unauthorized access.
- **Monitor and Alert**:
- Set up additional alerts for unexpected route table modifications or deletions.
- Use VPC flow logs and CloudTrail to monitor for related suspicious activity.
- **Secure Automation**: Ensure automation tools, such as Terraform or CloudFormation, are configured securely and that their credentials are stored in secure locations like AWS Secrets Manager.
""",
"query": """event.dataset: "aws.cloudtrail"
and event.provider: "ec2.amazonaws.com"
and event.action:(
"ReplaceRoute" or
"ReplaceRouteTableAssociation" or
"DeleteRouteTable" or
"DeleteRoute" or
"DisassociateRouteTable"
)
and event.outcome: "success"
and not source.address: (
"cloudformation.amazonaws.com" or
"servicecatalog.amazonaws.com" or
"fsx.amazonaws.com"
)
""",
"references": [
"https://github.com/easttimor/aws-incident-response#network-routing",
"https://docs.datadoghq.com/security_platform/default_rules/aws-ec2-route-table-modified/",
"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReplaceRoute.html",
"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReplaceRouteTableAssociation",
"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteRouteTable.html",
"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteRoute.html",
"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateRouteTable.html"
],
"related_integrations": [
{
"integration": "cloudtrail",
"package": "aws",
"version": "^2.0.0"
}
],
"required_fields": [
{
"ecs": true,
"name": "event.action",
"type": "keyword"
},
{
"ecs": true,
"name": "event.dataset",
"type": "keyword"
},
{
"ecs": true,
"name": "event.outcome",
"type": "keyword"
},
{
"ecs": true,
"name": "event.provider",
"type": "keyword"
},
{
"ecs": true,
"name": "source.address",
"type": "keyword"
}
],
"risk_score": 21,
"rule_id": "e7cd5982-17c8-4959-874c-633acde7d426",
"severity": "low",
"tags": [
"Domain: Cloud",
"Data Source: AWS",
"Data Source: Amazon Web Services",
"Data Source: AWS EC2",
"Use Case: Network Security Monitoring",
"Resources: Investigation Guide",
"Tactic: Persistence"
],
"threat": [
{
"framework": "MITRE ATT&CK",
"tactic": {
"id": "TA0003",
"name": "Persistence",
"reference": "https://attack.mitre.org/tactics/TA0003/"
},
"technique": []
}
],
"timestamp_override": "event.ingested",
"type": "new_terms",
"version": 209
},
"type": "security-rule",
"references": [],
"managed": true,
"coreMigrationVersion": "8.8.0",
"updated_at": "2025-03-11T07:21:44.889Z",
"created_at": "2025-03-11T07:21:44.889Z"
}
```
</details>
- Remove the base versions
<details>
<summary>Remove Threat Match rule's base version</summary>
```
DELETE .kibana_security_solution/_doc/security-rule:aab184d3-72b3-4639-b242-6597c99d8bca_9
```
</details>
<details>
<summary>Remove New Terms rule's base version</summary>
```
DELETE .kibana_security_solution/_doc/security-rule:e7cd5982-17c8-4959-874c-633acde7d426_208
```
</details>
- Customize rule data source
- Open Prebuilt Rule Upgrade flyout and notice there are fields with solvable conflict
- Bulk update rules
- Notice Threat Match Index and New Terms Fields got target values. Data source value was set to target as well. Rules aren't marked as customized (there is not a "Modified" badge).
|
||
Gergő Ábrahám
|
91e8ac4f87
|
[EDR Workflows] Fix event filters cannot be saved bug (#213805)
## Summary This PR fixes the bug when the Save button on the flyout of the edited Event Filter won't turn into enabled state, when the user edits the input fields. ## Screen recordings Added some screen recordings to help the reviews. ### Editing This had the original issue, here how it works: https://github.com/user-attachments/assets/ff270cad-ca9b-431c-a789-d24cffe2f526 ### Adding new event filter Just regression. https://github.com/user-attachments/assets/7d0c0722-6e8e-4518-8505-c137a50c8cb7 ### Adding from Security / Explore Just to see that it still works, as I needed to modify its unit tests. https://github.com/user-attachments/assets/ec204b34-d528-4937-aabc-1aa808a3b3d8 ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios |
||
Viduni Wickramarachchi
|
9b1455c7f7
|
[Obs AI Assistant] Make KB retrieval namespace specific (#213505)
Closes https://github.com/elastic/kibana/issues/213504 ## Summary ### Problem KB retrievals are not space specific at present. Therefore, users are able to view entries across spaces. ### Solution Filter by `namespace` when retrieving KB entries. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) |
||
Tiago Costa
|
eb653d2023
|
skip flaky suite (#213408) | ||
|
Kibana Machine
|
d545d379cd | skip failing test suite (#209913) | ||
|
Tiago Costa
|
3688821f8f
|
skip flaky suite (#213906) | ||
|
Tiago Costa
|
66f2bd9856
|
skip flaky suite (#213905) | ||
Michael Olorunnisola
|
2d8f3c1544
|
[Performance][Security Solution][2/4] - Timeline Performance (#212478)
## Summary Part 2 of https://github.com/elastic/kibana/pull/212173 ### Testing For setup see testing section here: https://github.com/elastic/kibana/pull/212173#issue-2870522020 **Areas/How to test:** - For the following pages, test there are no `fields` api requests in the inspector network tab when visiting from another page. IF YOU REFRESH on any of these pages, you will see these requests as they are called by the Query Search Bar and the `useInitSourcerer` call - Cases Page - Dashboard Page - Timelines Page - Timeline - All Tabs - Does it show the loading screen on first interaction? - Does the `fields` api fire on first interaction with the tab - When you navigate back to those tabs, do they not re-render? - All other pages hosting timeline - Do you feel like the performance is generally better? ### Background When investigating the performance of the security solution application, one of the issues that was observed was queries to the `fields` api on pages that had no reason making that request (such as Cases, or the Dashboards list view). This was due to the background background loaded tabs of timeline loading the relevant `dataView` necessary for their search functionality. When the fields request is significantly large this can have a massive impact on the experience of users on pages that should be relatively responsive. To fix this a few changes were made. 1. First the `withDataView` HOC was removed as it was only used in 2 components that shared a parent - child relationship, and the child `UnifiedTimeline` was only used in the parent. The hook that HOC calls was not caching the dataView being created, so `dataView.create` was being called up to 6 times unnecessarily. Now it is only called once in each tab. 2. A new wrapper `OnDemandRenderer` (open to different naming 😅) was created that will not render any of the nested tabs until they are opened. Once they are opened, they stay in memory, to avoid re-calling expensive api's every time a user switches tabs. _Note_: There is currently a known issue where navigating between various routes in security solution causes the whole application to unmount and re-mount. Which means every page change will lead to timeline needing to be re-loaded when the tab is opened. This is being resolved in a separate effort. 3. Additional checks were added to the `useTimelineEvents` hook to limit additional re-renders caused by unnecessary reference changes when the underlying values never actually change ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### Identify risks |
||
Lukas Olson
|
93adbd8c0e
|
Unskip discover async search test (#204827)
## Summary Resolves https://github.com/elastic/kibana/issues/195955. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... Co-authored-by: Matthias Wilhelm <matthias.wilhelm@elastic.co> |
||
Joe Reuter
|
38893c939b
|
🌊 Streams: Fix unnecessary rollovers (#213594)
This PR fixes the problem of unnecessary rollovers because of the way the `stream.name` field is declared as a keyword. As we auto-magically inject this field when building the mapping, it doesn't behave as expected. This PR makes the special handling more explicit by marking it as `type: system` to make it clear that this field can't be controlled by the user at all. <img width="399" alt="Screenshot 2025-03-07 at 16 08 32" src="https://github.com/user-attachments/assets/ea5cca8b-a487-4452-919c-4aafe43f992b" /> <img width="992" alt="Screenshot 2025-03-07 at 16 08 57" src="https://github.com/user-attachments/assets/1f9455c7-43b5-4573-a76b-246ccde938a2" /> It's a little annoying having to deal with this special case everywhere we handle fields, but I actually think it will be good to have this expressed in typescript, because otherwise it's easy to forget and it can bite us later (like changing the stream.name in a processor or remapping it with a different type). |
||
Sergi Massaneda
|
b7412d94e7
|
[Security Solution] Siem migrations Onboarding UI changes (#212560)
## Summary 1/3 of https://github.com/elastic/security-team/issues/11696 **Done** - UI changes in the onboarding cards **Pending** - UI changes in the upload form - UI changes in the translated rules page ### Screenshots **Processing** Old  New  **Results** Old  New  **Connectors** Text changes when the EIS connector is selected https://github.com/user-attachments/assets/f819c379-42a1-4dc8-b320-aa5fd5b7639a |
||
Alex Prozorov
|
68f46ba10c
|
[Cloud Security] add fleet package policies and agent policies cleanups as part of cis… (#213762)
## Summary This PR adds some cleanup logic that resets all policies in the integration creation FTRs. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed |
||
Carlos Crespo
|
a2dbf325e4
|
[APM] Service map new API (#212550)
closes [#212252](https://github.com/elastic/kibana/issues/212252) ## Summary This PR replaces the `scripted_metric` aggregation used to retrieve the data for the service map. The new solution relies on samples of exit spans - each representing a unique combination of `service.name` and `span.destination.service.resource` - along with their child transactions. The Service Map is now built entirely on the **client side** to reduce server-side load and prevent excessive event loop utilization. >[!NOTE] > - `transform_service_map_responses.ts` was refactored to improve readability and performance, The file was renamed to `get_service_map_nodes.ts` > - `group_resource_nodes.ts` was refactored to improve readability and performance ### Consequences - The new solution requires **all exit spans** to have the `span.destination.service.resource` field populated — with the exception of messaging systems, which may rely on `span.links` (not addressed in this PR) - A warning will be added to the trace waterfall for exit spans without `span.destination.sevice.resource` [#212638](https://github.com/elastic/kibana/issues/212638) - <img width="500" alt="image" src="https://github.com/user-attachments/assets/9f056581-8dd1-403f-b831-ea615b533c07" /> <img width="500" alt="image" src="https://github.com/user-attachments/assets/4c22e5d9-1c29-40aa-a18a-63c1f87fbfc1" /> - When multiple services point to load balancers, they will share the same `span.destination.service.resource`. This could lead to incomplete paths in the map, as the path is built for the **first** `service.name` + `span.destination.service.resource` pair returned processed. - This can't be addressed, but we'll look into ways to inform the user when the logic identifies this scenario [#213124](https://github.com/elastic/kibana/issues/213124) | current | new | | --------|------| |<img width="500" alt="image" src="https://github.com/user-attachments/assets/0bccc242-ecda-42b3-bad4-9356468a71ad" />|<img width="500" alt="image" src="https://github.com/user-attachments/assets/dfa0dab7-18f4-4eb5-84e7-4cd0f8b9eedc" />| ### Analysis The performance analysis below uses data from the **edge** cluster and the **service_map_oom** synthtrace scenario, simulating long traces. The selected date range was **24h**. ### Current solution <img width="800" alt="image" src="https://github.com/user-attachments/assets/aec6fdc8-d6f1-426d-a931-57bbcffb5b7c" /> `numeric_labels.event_loop_active`: 4085.601743 `numeric_labels.event_loop_utilization`: 0.28716 ### New solution <img width="800" alt="image" src="https://github.com/user-attachments/assets/babd9399-e83c-4396-a01e-04fcb38086aa" /> `numeric_labels.event_loop_active`: 887.149512 `numeric_labels.event_loop_utilization`: 0.123929 On the **client side**, the most CPU-intensive operation is performed by cytoscape. The creation of service connections performs efficiently. <img width="800" alt="image" src="https://github.com/user-attachments/assets/e346bb5b-eb27-4b54-aa44-667f61cfade3" /> ### How to test - Add `xpack.apm.serviceMapV2Enabled: true` to `kibana.dev.yml` - Navigate to APM > Services Inventory > Service Map --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> |
||
Devon Thomson
|
000d859207
|
[Dashboard] Remove replace panel FT service (#213781)
cleans up an unused service |
||
|
Pierre Gayvallet
|
b04d0b239e
|
[inference] add maxRetries parameter and retry mechanism (#211096)
## Summary Fix https://github.com/elastic/kibana/issues/210859 - Add a retry-on-error mechanism to the `chatComplete` API - defaults to retrying only "non-fatal" errors 3 times, but configurable per call - Wire the retry option to the `output` API and to the `NL-to-ESQL` task ### Example ```ts const response = await chatComplete({ connectorId: 'my-connector', system: "You are a helpful assistant", messages: [ { role: MessageRole.User, content: "Some question?"}, ], maxRetries: 3, // optional, 3 is the default value retryConfiguration: { // everything here is optional, showing default values retryOn: 'auto', initialDelay: 1000, backoffMultiplier: 2, } }); ``` |
||
|
Shahzad
|
60ccd5805f
|
[Synthetics] Fix lat test run timestamp !! (#213735)
## Summary Fix lat test run timestamp !! Issue was because of using timestamp abstraction on the ping document. ### Changes removed the unnecessary timestamp field from ping and use `@timestamp` which is natively present on the document. it was causing unnecessary confusion. Fixes https://github.com/elastic/kibana/issues/213742 !! ### Before <img width="1487" alt="image" src="https://github.com/user-attachments/assets/ce03e52d-2287-4b30-b984-07a1a8690dff" /> ### After <img width="1478" alt="image" src="https://github.com/user-attachments/assets/149694d8-8f49-4444-bf3b-edf8fe914741" /> |
||
Peter Pisljar
|
907abc687b
|
[Lens] Move esql editor to layer_panel.tsx (#208354)
## Summary moves esql editor to layer_panel.tsx as preparation to enable esql editing on each layer. how to test this: - create esql visualization in discover and put it on a dashboard - edit visualization on the dashboard (esql query etc) - everything should work exactly as before --------- Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co> Co-authored-by: dej611 <dej611@gmail.com> Co-authored-by: Marco Liberati <dej611@users.noreply.github.com> |
||
|
Lisa Cawley
|
73c8a5184f
|
[DOCS] Add minimal upgrade assistant APIs (#213863) | ||
|
Viduni Wickramarachchi
|
9c0e4b0bfb
|
[Obs AI Assistant] Share conversations (#211854)
Closes https://github.com/elastic/kibana/issues/206590 Closes https://github.com/elastic/kibana/issues/211710 Closes https://github.com/elastic/kibana/issues/211604 Closes https://github.com/elastic/obs-ai-assistant-team/issues/215 ## Summary This PR implements conversation sharing for Obs AI Assistant conversations. The features included are as follows: 1. Refactored `ChatActionsMenu` - Removed Copy Conversation and Duplicate options 2. Removed the banner added in https://github.com/elastic/kibana/issues/209382 3. Removed the conversation input box (`PromptEditor`), if the user who is viewing the conversation cannot continue it. 4. Implemented a `ChatBanner` - This will show whether a conversation is shared with the team (The banner content differs based on who is viewing the conversation) 5. Implemented `ChatContextMenu` for conversation specific actions. This includes "Duplicate", "Copy conversation", "Copy URL" and "Delete". "Delete" functionality is only available to the conversation owner. (This menu is only included in the `ChatHeader` at the moment because `Eui` doesn't support passing a node to `EuiListGroupItem` to include this in the `ConversationList`. This will be refactored in https://github.com/elastic/kibana/issues/209386) 6. Implemented `useConversationContextMenu` for "copy" and "delete" functionalities. 7. Implemented `ChatSharingMenu` to mark a conversation as `shared/private`. This is only enabled for the owner of the conversation. For other users, a disabled badge will be shown stating whether the conversation is Private or Shared. 8. Implemented `updateConversationAccess` route. 9. Updated the Chat Item Actions Inspect Prompt Button to `Inspect`. This was `eye` before. 10. Implemented a custom component `ConversationListItemLabel` to show the shared icon in `ConversationList`. 11. Re-named "Copy conversation" to "Copy to clipboard" to avoid ambiguity with "Duplicate". 12. Added success toast on "Copy to clipboard" Note: If a conversation started from contextual insights, and then the user continue the conversation --> The conversation will be stored. However, if the user deletes the continued conversation, they will be reverted to the initial messages from the contextual insights. ### Screen recording https://github.com/user-attachments/assets/50b1fd3c-c2f5-406f-91bc-2b51bb58833e ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|
Alex Prozorov
|
2fd0bea441
|
[Cloud Security] add cleanup to rules v2 integrations and fix data views, compliance d… (#213669)
## Summary This PR tries to fix the following issues: - https://github.com/elastic/kibana/issues/201686 - https://github.com/elastic/kibana/issues/210678 - https://github.com/elastic/kibana/issues/168904 - https://github.com/elastic/kibana/issues/191017 ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed |
||
Konrad Szwarc
|
e0bf98e45a
|
[EDR Workflows] Rename Endpoint Insights to Automatic Troubleshooting (#213876)
Updated Endpoint Insight UI label to Automatic Troubleshooting.    |
||
|
elastic-renovate-prod[bot]
|
45f19b769e
|
Update lru-cache (main) (#206225)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | @​types/lru-cache | devDependencies | major | [`^5.1.0` -> `^7.10.10`](https://renovatebot.com/diffs/npm/@types%2flru-cache/5.1.0/7.10.10) | | [lru-cache](https://redirect.github.com/isaacs/node-lru-cache) | dependencies | major | [`^4.1.5` -> `^11.0.2`](https://renovatebot.com/diffs/npm/lru-cache/4.1.5/11.0.2) | --- ### Release Notes ~Changelog~ _cringe lorg_ is here: https://github.com/isaacs/node-lru-cache/blob/main/CHANGELOG.md TL;DR: * Named export * Renamed some APIs (during 7.0): https://github.com/isaacs/node-lru-cache/blob/main/CHANGELOG.md#70---2022-02 * TS is embedded now, so `@types/lru-cache` are not needed. I'm addressing all these changes locally and will release the PR when fixed. <details> <summary>isaacs/node-lru-cache (lru-cache)</summary> ### [`v11.0.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v11.0.1...v11.0.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v11.0.1...v11.0.2) ### [`v11.0.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v11.0.0...v11.0.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v11.0.0...v11.0.1) ### [`v11.0.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.4.3...v11.0.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.4.3...v11.0.0) ### [`v10.4.3`](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.4.2...v10.4.3) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.4.2...v10.4.3) ### [`v10.4.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.4.1...v10.4.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.4.1...v10.4.2) ### [`v10.4.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.4.0...v10.4.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.4.0...v10.4.1) ### [`v10.4.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.3.1...v10.4.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.3.1...v10.4.0) ### [`v10.3.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.3.0...v10.3.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.3.0...v10.3.1) ### [`v10.3.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.2.2...v10.3.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.2.2...v10.3.0) ### [`v10.2.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.2.1...v10.2.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.2.1...v10.2.2) ### [`v10.2.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.2.0...v10.2.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.2.0...v10.2.1) ### [`v10.2.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.1.0...v10.2.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.1.0...v10.2.0) ### [`v10.1.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.0.3...v10.1.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.0.3...v10.1.0) ### [`v10.0.3`](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.0.2...v10.0.3) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.0.2...v10.0.3) ### [`v10.0.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.0.1...v10.0.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.0.1...v10.0.2) ### [`v10.0.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.0.0...v10.0.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v10.0.0...v10.0.1) ### [`v10.0.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v9.1.2...v10.0.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v9.1.2...v10.0.0) ### [`v9.1.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v9.1.1...v9.1.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v9.1.1...v9.1.2) ### [`v9.1.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v9.1.0...v9.1.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v9.1.0...v9.1.1) ### [`v9.1.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v9.0.3...v9.1.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v9.0.3...v9.1.0) ### [`v9.0.3`](https://redirect.github.com/isaacs/node-lru-cache/compare/v9.0.2...v9.0.3) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v9.0.2...v9.0.3) ### [`v9.0.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v9.0.1...v9.0.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v9.0.1...v9.0.2) ### [`v9.0.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v9.0.0...v9.0.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v9.0.0...v9.0.1) ### [`v9.0.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v8.0.5...v9.0.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v8.0.5...v9.0.0) ### [`v8.0.5`](https://redirect.github.com/isaacs/node-lru-cache/compare/v8.0.4...v8.0.5) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v8.0.4...v8.0.5) ### [`v8.0.4`](https://redirect.github.com/isaacs/node-lru-cache/compare/v8.0.3...v8.0.4) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v8.0.3...v8.0.4) ### [`v8.0.3`](https://redirect.github.com/isaacs/node-lru-cache/compare/v8.0.2...v8.0.3) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v8.0.2...v8.0.3) ### [`v8.0.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v8.0.1...v8.0.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v8.0.1...v8.0.2) ### [`v8.0.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v8.0.0...v8.0.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v8.0.0...v8.0.1) ### [`v8.0.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.18.3...v8.0.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.18.3...v8.0.0) ### [`v7.18.3`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.18.2...v7.18.3) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.18.2...v7.18.3) ### [`v7.18.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.18.1...v7.18.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.18.1...v7.18.2) ### [`v7.18.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.18.0...v7.18.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.18.0...v7.18.1) ### [`v7.18.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.17.2...v7.18.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.17.2...v7.18.0) ### [`v7.17.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.17.1...v7.17.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.17.1...v7.17.2) ### [`v7.17.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.17.0...v7.17.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.17.0...v7.17.1) ### [`v7.17.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.16.2...v7.17.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.16.2...v7.17.0) ### [`v7.16.2`](https://redirect.github.com/isaacs/node-lru-cache/blob/HEAD/CHANGELOG.md#7162) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.16.1...v7.16.2) - Fail fetch() promises when they are aborted ### [`v7.16.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.16.0...v7.16.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.16.0...v7.16.1) ### [`v7.16.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.15.0...v7.16.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.15.0...v7.16.0) ### [`v7.15.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.14.1...v7.15.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.14.1...v7.15.0) ### [`v7.14.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.14.0...v7.14.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.14.0...v7.14.1) ### [`v7.14.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.13.2...v7.14.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.13.2...v7.14.0) ### [`v7.13.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.13.1...v7.13.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.13.1...v7.13.2) ### [`v7.13.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.13.0...v7.13.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.13.0...v7.13.1) ### [`v7.13.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.12.1...v7.13.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.12.1...v7.13.0) ### [`v7.12.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.12.0...v7.12.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.12.0...v7.12.1) ### [`v7.12.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.11.0...v7.12.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.11.0...v7.12.0) ### [`v7.11.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.10.3...v7.11.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.10.3...v7.11.0) ### [`v7.10.3`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.10.2...v7.10.3) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.10.2...v7.10.3) ### [`v7.10.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.10.1...v7.10.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.10.1...v7.10.2) ### [`v7.10.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.10.0...v7.10.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.10.0...v7.10.1) ### [`v7.10.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.9.1...v7.10.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.9.1...v7.10.0) ### [`v7.9.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.9.0...v7.9.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.9.0...v7.9.1) ### [`v7.9.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.8.2...v7.9.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.8.2...v7.9.0) ### [`v7.8.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.8.1...v7.8.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.8.1...v7.8.2) ### [`v7.8.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.8.0...v7.8.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.8.0...v7.8.1) ### [`v7.8.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.7.4...v7.8.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.7.4...v7.8.0) ### [`v7.7.4`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.7.3...v7.7.4) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.7.3...v7.7.4) ### [`v7.7.3`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.7.2...v7.7.3) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.7.2...v7.7.3) ### [`v7.7.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.7.1...v7.7.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.7.1...v7.7.2) ### [`v7.7.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.7.0...v7.7.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.7.0...v7.7.1) ### [`v7.7.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.6.1...v7.7.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.6.1...v7.7.0) ### [`v7.6.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.6.0...v7.6.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.6.0...v7.6.1) ### [`v7.6.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.5.2...v7.6.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.5.2...v7.6.0) ### [`v7.5.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.5.1...v7.5.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.5.1...v7.5.2) ### [`v7.5.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.5.0...v7.5.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.5.0...v7.5.1) ### [`v7.5.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.4.5...v7.5.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.4.5...v7.5.0) ### [`v7.4.5`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.4.4...v7.4.5) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.4.4...v7.4.5) ### [`v7.4.4`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.4.3...v7.4.4) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.4.3...v7.4.4) ### [`v7.4.3`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.4.2...v7.4.3) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.4.2...v7.4.3) ### [`v7.4.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.4.1...v7.4.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.4.1...v7.4.2) ### [`v7.4.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.4.0...v7.4.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.4.0...v7.4.1) ### [`v7.4.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.3.3...v7.4.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.3.3...v7.4.0) ### [`v7.3.3`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.3.2...v7.3.3) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.3.2...v7.3.3) ### [`v7.3.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.3.1...v7.3.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.3.1...v7.3.2) ### [`v7.3.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.3.0...v7.3.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.3.0...v7.3.1) ### [`v7.3.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.2.3...v7.3.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.2.3...v7.3.0) ### [`v7.2.3`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.2.2...v7.2.3) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.2.2...v7.2.3) ### [`v7.2.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.2.1...v7.2.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.2.1...v7.2.2) ### [`v7.2.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.2.0...v7.2.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.2.0...v7.2.1) ### [`v7.2.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.1.3...v7.2.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.1.3...v7.2.0) ### [`v7.1.3`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.1.2...v7.1.3) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.1.2...v7.1.3) ### [`v7.1.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.1.1...v7.1.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.1.1...v7.1.2) ### [`v7.1.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.1.0...v7.1.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.1.0...v7.1.1) ### [`v7.1.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.0.4...v7.1.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.0.4...v7.1.0) ### [`v7.0.4`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.0.3...v7.0.4) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.0.3...v7.0.4) ### [`v7.0.3`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.0.2...v7.0.3) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.0.2...v7.0.3) ### [`v7.0.2`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.0.1...v7.0.2) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.0.1...v7.0.2) ### [`v7.0.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.0.0...v7.0.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v7.0.0...v7.0.1) ### [`v7.0.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v6.0.0...v7.0.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v6.0.0...v7.0.0) ### [`v6.0.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v5.1.1...v6.0.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v5.1.1...v6.0.0) ### [`v5.1.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v5.1.0...v5.1.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v5.1.0...v5.1.1) ### [`v5.1.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v5.0.1...v5.1.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v5.0.1...v5.1.0) ### [`v5.0.1`](https://redirect.github.com/isaacs/node-lru-cache/compare/v5.0.0...v5.0.1) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v5.0.0...v5.0.1) ### [`v5.0.0`](https://redirect.github.com/isaacs/node-lru-cache/compare/v4.1.5...v5.0.0) [Compare Source](https://redirect.github.com/isaacs/node-lru-cache/compare/v4.1.5...v5.0.0) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjUuMSIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOkNvcmUiLCJiYWNrcG9ydDphbGwtb3BlbiIsInJlbGVhc2Vfbm90ZTpza2lwIl19--> --------- Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Jean-Louis Leysens <jeanlouis.leysens@elastic.co> Co-authored-by: Alejandro Fernández Haro <alejandro.haro@elastic.co> |
||
Nicolas Chaulet
|
c686695cdd
|
[Fleet] Merge status and version column in integration table (#213779) | ||
Robert Jaszczurek
|
cbcb7edb94
|
[ML] Anomaly Detection: Show Switch to apply time range when opening job selector from left nav (#213382)
Fix for: https://github.com/elastic/kibana/issues/211018 and https://github.com/elastic/kibana/issues/212407 Note: Previously, the `apply time range` setting was saved in local storage even if the changes were not applied. After the fix, the setting is saved in local storage only if the user applies the new selection. After: https://github.com/user-attachments/assets/1657f0f4-c580-4941-9582-bf5f9dc3cd55 |
||
Nikita Indik
|
122c7e12e6
|
[Security Solution]: Add banner to promote prebuilt rule customization in ESS (#213750)
**Resolves: https://github.com/elastic/kibana/issues/205594** ## Summary **Changes:** - Adds a banner to promote prebuilt rule customization in ESS. Link currently leads to a 404 page since the blog post is not yet published. (Serverless banner to be added later, after April 1, when the blog post is published). Banner is dismissible. It's state is stored in localStorage. <img width="1006" alt="Schermafbeelding 2025-03-11 om 12 25 45" src="https://github.com/user-attachments/assets/41d83db9-4bc4-433e-a7e2-c5ef1049a20c" /> - A couple unrelated small changes: - Fixes spelling of singular/plural for "require" in the upgrade flyout - Fixes horizontal line misalignment in upgrade flyout. It was caused by an incorrect `css` function import: `import { css } from '@emotion/css';` instead of `import { css } from '@emotion/react';` <img width="653" alt="Schermafbeelding 2025-03-10 om 12 12 33" src="https://github.com/user-attachments/assets/ab5f3b9e-73b2-4938-bda2-401eece5407d" /> <img width="676" alt="Schermafbeelding 2025-03-10 om 12 13 17" src="https://github.com/user-attachments/assets/37bbff65-326f-415c-aab8-c9c661ef14ce" /> <img width="1966" alt="Schermafbeelding 2025-03-10 om 12 26 05" src="https://github.com/user-attachments/assets/16ac2b9e-13ba-45d8-adcd-c9fb74f8db6e" /> <img width="1966" alt="Schermafbeelding 2025-03-10 om 12 24 54" src="https://github.com/user-attachments/assets/c53e7642-26f5-490f-b1bc-6f3961aef71a" /> |