## Summary
- refines description for
- 9 `(win|mac|linux).advanced.events.hash.(md5|sha1|sha256)`:
9e7bbcf767
> Compute and include (MD5|SHA-1|SHA-256) hashes for processes and
libraries in events? This will increase CPU usage and event sizes. If
any user event filter or trustlists reference this hash type, Endpoint
will ignore this setting and automatically enable this hash type.
- 6 `(win|mac|linux).advanced.alerts.hash.(md5|sha1)`:
8fc0f51ab4
> Compute and include (MD5|SHA-1) hashes for processes and libraries in
alerts? This will increase CPU usage and alert sizes. If any user
exceptionlist, trustlist, or blocklists reference this hash type,
Endpoint will ignore this setting and automatically enable this hash
type.
- provides a 'history' for default behavior changes (e.g. `<=8.17
default: true, >=8.18 default: false`) for
- 12 `(win|mac|linux).advanced.(events|alerts).hash.(md5|sha1)`:
05b0ebe8ea
(note that events sha256 is not changed)
> <=8.17 default: true, >=8.18 default: false
- 3 `(win|mac|linux).advanced.events.aggregate_process`:
5984d8e90a
> <=8.17 default: false, >=8.18 default: true
- 3 `(win|mac|linux).advanced.events.set_extended_host_information`:
5da25a3592
> <=8.17 default: true, >=8.18 default: false
> [!IMPORTANT]
> The plan is to backport this PR to all open branches:
> - `8.18`/`8.x`/`9.0`/`main` will contain all modifications,
> - but `8.16`/`8.17` manual backports will only contain the description
refinement
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
## Summary
Resolves https://github.com/elastic/kibana/issues/213983
Adds gating logic to only display the rule upgrade related warning
callout on the rule editing page if the user has the appropriate license
level, otherwise the message is irrelevant as the user wouldn't be able
to edit a prebuilt rule in the way the message refers to
### Testing
**Steps to reproduce:**
1. Use a Platinum license or any tier that does not allow prebuilt rule
updates.
2. Navigate to the Rule Management page and select a prebuilt rule with
an available update.
3. Open Rule Details page -> Edit rule settings
4. Observe the callout message is not displayed at the top of the page
NOTE: When using the enterprise license, the callout should still be
displayed
## Summary
Partially addresses https://github.com/elastic/kibana/issues/211543
- Implements parser support for `CHANGE_POINT` command.
- Introduces `ESQLAstChangePointCommand` interface for `CHANGE_POINT`
commands AST nodes.
- Parses command arguments into `args` array as well as more structural
fields `value`, `key?`, `target?`.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Replaces #213441
## Summary
@smith and I have agreed that it makes sense for the infra services team
to own the observability overview page within the obs plugin.
First PR didn't add the changes to the correct "overrides" section of
the CODEOWNERS file.
Co-authored-by: Maryam Saeidi <maryam.saeidi@elastic.co>
- Enabled @typescript-eslint/consistent-type-imports eslint rule for
ResponseOps packages and plugins:
- this rule ensures that imports used only for type declarations are
consistently written using import type syntax
- fixed eslint errors for:
- `x-pack/platform/plugins/shared/actions`
- `x-pack/platform/plugins/shared/stack_alerts`
- `x-pack/platform/plugins/shared/stack_connectors`
- `x-pack/platform/plugins/shared/triggers_actions_ui`
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change | Pending |
|---|---|---|---|---|
| [@redocly/cli](https://redirect.github.com/Redocly/redocly-cli) |
devDependencies | patch | [`^1.32.2` ->
`^1.33.0`](https://renovatebot.com/diffs/npm/@redocly%2fcli/1.33.0/1.33.0)
| `1.33.1` |
| [@redocly/cli](https://redirect.github.com/Redocly/redocly-cli) |
dependencies | patch | [`^1.32.2` ->
`^1.33.0`](https://renovatebot.com/diffs/npm/@redocly%2fcli/1.33.0/1.33.0)
| `1.33.1` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOkNvcmUiLCJiYWNrcG9ydDpwcmV2LW1pbm9yIiwicmVsZWFzZV9ub3RlOnNraXAiXX0=-->
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
## Summary
Changes how we use lookup indices so that they are now space aware, in
the form
```
`${LOOKUPS_INDEX_PREFIX}${this.spaceId}_${lookupName}`
```
### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
Fixes a problem [`Bulk adding tags to rules marks some rules as customized and doesn't mark other rules as customized. It looks like it depends on the existence of the base version.`](https://github.com/elastic/kibana/pull/212761#pullrequestreview-2675994950) discovered while smoke testing after enabling Prebuilt Rules Customization FF.
## Details
The problems manifests as some rules have `Modified` badge missing after modifying tags via bulk actions.
The root cause is that current bulk actions implementation expects unmodified rule's data in `paramsModifier()` callback. But Alerting Framework's Rules Client invokes `paramsModifier()` providing already modified rule. Alerting Framework managed fields like `rule.tags` have modified values.
The fix makes sure rule customizartion state is calculated by using unmodified rule data.
## Screenshots
Before:
https://github.com/user-attachments/assets/eeb65b18-c51f-4c5e-b0e6-6552e442994e
After:
https://github.com/user-attachments/assets/d18d8765-4f40-4513-95a1-2cd84ac2a0a9
## Summary
Trying to fix pipeline failure due to not enough disk space:
```
| 2025-03-12 10:47:33 UTC | Copying cached snapshots from /opt/buildkite-agent/.es-snapshot-cache/cache to .es/cache
| 2025-03-12 10:47:48 UTC | cp: error writing '.es/cache/elasticsearch-9.0.0-SNAPSHOT-linux-x86_64.tar.gz': No space left on device
| 2025-03-12 10:47:48 UTC | cp: error writing '.es/cache/elasticsearch-9.0.0-SNAPSHOT-linux-x86_64.tar.gz.meta': No space left on device
| 2025-03-12 10:47:48 UTC | cp: error writing '.es/cache/elasticsearch-9.1.0-SNAPSHOT-linux-x86_64.tar.gz': No space left on device
| 2025-03-12 10:47:48 UTC | cp: error writing '.es/cache/elasticsearch-9.1.0-SNAPSHOT-linux-x86_64.tar.gz.meta': No space left on device
```
## Summary
Closes - https://github.com/elastic/kibana/issues/166679
## What's included ?
- The PR adds a feature in Logs View of Observability (to start with) to
hide the regular pagination toolbar from the footer and show Load More
only when the user has scrolled to the bottom of the page.
- The table would always load the items in batches of default set 500
- This PR also add 2 helper functions `useThrottleFn` and
`useDebounceFn`. Current React help library which KIbana uses called
-`react-use` does not have these and we cannot use Lodash variant of
these. We need such hooks which are React safe. Hence added these 2
## What's pending ?
- [x] Unit tests for the 2 new helper React hooks
- [x] Unit tests for data table footer component
- [x] Unit tests for Profile Resolution
- [x] Functional Serverless Tests
- [x] Functional Stateful Tests
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Davis McPhee <davismcphee@hotmail.com>
Co-authored-by: Felix Stürmer <weltenwort@users.noreply.github.com>
Co-authored-by: Davis McPhee <davis.mcphee@elastic.co>
## Summary
Skipping new tests since it is expecting the functionality not to be
there due to basic/essentials tier license, but the FIPS pipeline runs
with a platinum override and security enabled.
## Summary
Fixes https://github.com/elastic/kibana/issues/213708
Fixes the ghost display. As @nickofthyme pointed out
[here](https://github.com/elastic/kibana/issues/213708#issuecomment-2712076212),
the reason was using inset-inline-start: -10000px for the keyboard
handler that is one of the children of the draggable component. The
quick fix is to just move it outside of the html element that is
dragged. @markov00 please assesswhere it should be merged 🙏🏼
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
- Moving last Home plugin components from `js` to `tsx`
- Adding TS support
- Styling changes/ clean up
- Fixing bugs that were unnoticed without ts support
- Creating or updating unit tests
- shifting from `enzyme` to `testing-library/react`
- removing snapshots in favor of selectors
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [rxjs](https://rxjs.dev)
([source](https://redirect.github.com/reactivex/rxjs)) | dependencies |
patch | [`^7.8.1` ->
`^7.8.2`](https://renovatebot.com/diffs/npm/rxjs/7.8.1/7.8.2) |
---
### Release Notes
<details>
<summary>reactivex/rxjs (rxjs)</summary>
###
[`v7.8.2`](https://redirect.github.com/reactivex/rxjs/compare/7.8.1...e5351d02e225e275ac0e497c7b66eaa5f0c88791)
[Compare
Source](https://redirect.github.com/reactivex/rxjs/compare/7.8.1...e5351d02e225e275ac0e497c7b66eaa5f0c88791)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOkNvcmUiLCJiYWNrcG9ydDpwcmV2LW1pbm9yIiwicmVsZWFzZV9ub3RlOnNraXAiXX0=-->
---------
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Alejandro Fernández Haro <alejandro.haro@elastic.co>
## Summary
Create monitor configs repository around monitor saved object to make
sure all operations are performed from same class.
This will be helpful when we create a new saved object to support
multiple-spaces !!
### Testing
All unit tests, api tests passing should be more than enough !!
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Closes https://github.com/elastic/kibana/issues/213869
Regression introduced in 8.17
(https://github.com/elastic/kibana/pull/200184/)
#### **Fix**
Semantic queries were incorrectly wrapped in a `filter` context,
preventing them from contributing to scoring. This PR removes the
`filter` wrapper so that semantic queries run in query context and
influence ranking.
This also replaces the `semantic` query with a `match` query. This is
necessary because `fieldCaps` api no longer returns `semantic_text` when
filtering with `GET
animals_kb/_field_caps?fields=*&types=semantic_text`. Instead we need to
retrieve text fields and perform the search against all of them.
## Summary
It closes#210715
This PR introduces the No Data Found onboarding screen, which displays
the Asset Inventory Enabled success callout and the Integrations Card
Grid component from Security Onboarding.
Success Callout visibility is stored in local storage for persisting
visibility dismissal, also, the callout is only enabled for the user who
initiated the enablement.
This PR also includes:
- Moving the renderWithTestProvider into a reusable function
- Moving some onboarding test subj to the constants file
- Added the missing test file for the navigation onboarding screen.
**Note:** Customization of the Integrations Card Grid component for
asset inventory will be done in a separate task.
## Recording
https://github.com/user-attachments/assets/e8f4b363-7d31-4bd8-a2d3-d234f4a0b34b
## Summary
Error were not properly propagated to the user and instead of meaningful
message we were displaying just `API Error`.
<img width="1813" alt="Zrzut ekranu 2025-03-11 o 03 47 59"
src="https://github.com/user-attachments/assets/8d059159-f020-4944-a463-b10799e7fa46"
/>
Steps to reproduce, Thank you @andrew-goldstein 🙇
**Desk testing**
To reproduce:
1. In LM Studio, download the `MLX` variant (optimized for Mac) of
`Llama-3.2-3B-Instruct-4bit`:
```
mlx-community/Llama-3.2-3B-Instruct-4bit
```
2. Configure the model to have a context length of `131072` tokens, as
illustrated by the screenshot below:
3. Serve ONLY the model above in LM Studio. (Ensure no other models are
running in LM Studio), as illustrated by the screenshot below:
4. Configure a connector via the details in
<https://www.elastic.co/guide/en/security/current/connect-to-byo-llm.html>
but change:
```
local-model
```
to the name of the model when configuring the connector:
```
llama-3.2-3b-instruct
```
as illustrated by the screenshot below:
5. Generate Attack discoveries
**Expected results**
- Generation does NOT fail with the error described in the later steps
below.
- Progress on generating discoveries is visible in Langsmith, as
illustrated by the screenshot below:
Note: `Llama-3.2-3B-Instruct-4bit` may not reliably generate Attack
discoveries, so generation may still fail after `10` generation /
refinement steps.
6. In LM studio, serve a _second_ model, as illustrated by the
screenshot below:
7. Once again, generate Attack discoveries
**Expected results**
- Generation does NOT fail with the errors below
- Progress on generating discoveries is visible in Langsmith, though as
noted above, generation may still fail after `10` attempts if the model
does not produce output that conforms to the expected schema
**Actual results**
- Generation fails with an error similar to:
```
generate node is unable to parse (openai) response from attempt 0; (this may be an incomplete response from the model): Status code: 400. Message: API Error:
Bad Request: ActionsClientLlm: action result status is error: an error occurred while running the action - Status code: 400. Message: API Error: Bad Request,
```
or
```
generate node is unable to parse (openai) response from attempt 0; (this may be an incomplete response from the model): Status code: 404. Message: API Error: Not Found - Model "llama-3.2-3b-instruct" not found. Please specify a valid model.
```
as illustrated by the following screenshot:
## Summary
related to https://github.com/elastic/kibana/pull/211797
Fixing bootstrap failure in
https://buildkite.com/elastic/kibana-on-merge-unsupported-ftrs/builds/34167
```
yarn install and bootstrap, attempt 2
2025-03-11 18:13:27 UTC yarn run v1.22.22
2025-03-11 18:13:27 UTC $ node scripts/kbn bootstrap --force-install
2025-03-11 18:13:27 UTC Kibana should not be run as root. Use --allow-root to continue.
2025-03-11 18:13:27 UTC error Command failed with exit code 1.
2025-03-11 18:13:27 UTC info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
2025-03-11 18:13:28 UTC 🚨 Error: The command exited with status 1
```
