## Summary
Moves constants from the Discover plugin into the `@kbn/discover-utils`
package.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
**Related to: https://github.com/elastic/security-team/issues/7098**
### Summary
- Move Rules Management HTTP API schemas to `/common/api`
- Explicitly define response types for API endpoints
- Remove the `_generate_assets` endpoint as unused
- Minor type fixes
Closes https://github.com/elastic/kibana/issues/162141.
### Changes
- Created an `esLegacyConfigService` to access esConfiguration and get
the hosts (protocol + url + port).
- Initialised the service mentioned using
`core.elasticsearch.legacy.config$`.
- Injected `esLegacyConfigService` as a resource for routes.
- Stop service whenever plugin is stopped.
## Summary
Adds content management api mSearch functionality to `lens`,
`visualization`, and `event_annotation_group` types via abstracted
function and types.
Part of https://github.com/elastic/kibana/issues/161545
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
Currently, if you try loading an archive with index mappings not having
replica set into stateless ES, it won't work properly: you will get a 503
error on calling `GET <index_name>/_stats`:
```
{
"error": {
"root_cause": [
{
"type": "no_shard_available_action_exception",
"reason": null
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": "indices-stats",
"node": null,
"reason": {
"type": "no_shard_available_action_exception",
"reason": null
}
}
]
},
"status": 503
}
```
In stateless, a replica is
[required](https://elastic.slack.com/archives/C037J0RKRAN/p1690218904855299)
in order to perform search requests (the "search shard").
This PR updates index mappings in es_archives with
`"auto_expand_replicas": "0-1"`, in order to be compatible with
stateless ES and so that we can re-use existing data sets rather than
creating new ones.
I checked with Core Team that we should be fine to just adapt all mapping
files, but let me know if that doesn't work for you.
The same value is used to create the "real" SO
[indices](c79c09c3d0/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/constants.ts (L21))
in Kibana.
## Summary
This PR versions the `cases` and `comment` domain objects and their
corresponding APIs. It was not possible to do them separately as I got
errors due to circular dependencies.
## Notable Changes
- The `Comment` type was renamed to `Attachment`
- The `Comments` type was renamed to `Attachments`
- The `*CommentRequestRt` type was renamed to `*AttachmentPayload`
- The `CommentType` type was renamed to `AttachmentType`
- The `AttributesType*` type was renamed to `*AttachmentAttributes`
- The `*ResponseTypeUserRt` type was renamed to `*AttachmentRt`
- The word `comment` got replaced with the word `attachment` in all
types
- The `RelatedCaseInfo` type was renamed to `RelatedCase`
- The `CasesByAlertId` type was renamed to
`GetRelatedCasesByAlertResponse`
Depends on: https://github.com/elastic/kibana/pull/161783,
https://github.com/elastic/kibana/pull/162059
### Checklist
Delete any items that do not apply to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### For maintainers
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Replaces the current JVM runtime metrics dashboard with a more advanced
dashboard (based on the portable dashboards feature).
Additional information (that has not been shown in the previous view):
- memory allocation rate
- Heap usage split by memory pools
---------
Signed-off-by: Alexander Wert <alexander.wert@elastic.co>
Subset of #161337
Unblocks #162149
## Summary
This PR uses the access 'public' option when registering the `GET
/api/security/logout` and `POST /api/security/saml/callback` APIs. This
will ensure they have public access in serverless, while all other APIs
will default to internal. PR #161672 changes default access of
registered endpoints to 'internal', meaning that API owners have to
explicitly set access: public to pass the API protection restriction.
This PR also adds internal headers to the existing serverless Spaces API
tests. This unblocks the PR to enable API protection in serverless
(#162149).
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
When turning on `server.restrictInternalApis` a number of issues
surfaced due to defaulting to internal resulting in `400`s for:
* HTTP resources
* Static assets via `registerStaticDir`
* Use of `res.render(Html|Js|Css)` outside of HTTP resources
This PR:
* defaults our HTTP resources service to register routes by default
`public`, same for static dirs.
* Did an audit of all renderX usages, if outside of HTTP resources I
added an explicit `access: public`
* ...what else?
### Set `access: 'public'` for known set of "system" routes
Method | Path | Comment
-- | -- | --
GET | /api/status
GET | /api/stats
GET | /translations/{locale}.json
GET | /api/fleet/agent_policies
GET | /api/task_manager/_background_task_utilization
GET | /internal/task_manager/_background_task_utilization
GET | /internal/detection_engine/health/_cluster
POST | /internal/detection_engine/health/_cluster
GET | /internal/detection_engine/health/_space
POST | /internal/detection_engine/health/_space
POST | /internal/detection_engine/health/_rule
POST | /internal/detection_engine/health/_setup
GET | /bootstrap.js
GET | /bootstrap-anonymous.js
GET | \*\*/bundles/\* | Core's routes for serving JS & CSS bundles
## How to test
Run this PR with `kibana.dev.yml` containing
`server.restrictInternalApis: true` and navigate around Kibana UI
checking that there are no `400`s in the network resources tab due to
access restrictions.
## Notes
* Either left a comment about why `access` was set public or a simple
unit test to check that we are setting access for a given route
## To do
- [x] Manually test Kibana
- [x] Manually test with `interactiveSetup` plugin
- [ ] Add integration and e2e test (will do in a follow up PR)
Related: https://github.com/elastic/kibana/pull/162149
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
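The access rule the two PRs above rely on (routes default to internal, and public access must be set explicitly), as an added example that is not code from the Kibana repository. It is a self-contained JavaScript model; the `RouteRegistry` class, the `/internal/example/settings` path, and the use of `x-elastic-internal-origin` as the internal-request marker are assumptions.

```javascript
// Added illustration: a small model of "internal by default" route access.
// It is not Kibana's implementation; names below are assumptions unless noted.

// Assumption: the header a first-party client sends to mark a request as internal.
const INTERNAL_ORIGIN_HEADER = 'x-elastic-internal-origin';

class RouteRegistry {
  constructor({ restrictInternalApis }) {
    this.restrictInternalApis = restrictInternalApis;
    this.routes = new Map();
  }

  // Routes that do not state `access` fall back to 'internal'.
  register(method, path, { access = 'internal' } = {}) {
    this.routes.set(`${method} ${path}`, { method, path, access });
    return this;
  }

  // Returns the HTTP status the access check alone would produce.
  handle(method, path, headers = {}) {
    const route = this.routes.get(`${method} ${path}`);
    if (!route) return 404;
    const names = Object.keys(headers).map((h) => h.toLowerCase());
    const isInternalRequest = names.includes(INTERNAL_ORIGIN_HEADER);
    if (this.restrictInternalApis && route.access === 'internal' && !isInternalRequest) {
      return 400; // the rejection the PR describes for restricted routes
    }
    return 200;
  }

  // Everything a client without the internal header can reach: the surface to review.
  externallyReachable() {
    return [...this.routes.values()]
      .filter((r) => !this.restrictInternalApis || r.access === 'public')
      .map((r) => `${r.method} ${r.path}`)
      .sort();
  }
}

// Constructed sample: four routes named on the page plus one hypothetical internal route.
function buildSampleRegistry(restrictInternalApis) {
  return new RouteRegistry({ restrictInternalApis })
    .register('GET', '/api/security/logout', { access: 'public' })
    .register('POST', '/api/security/saml/callback', { access: 'public' })
    .register('GET', '/api/status', { access: 'public' })
    .register('GET', '/bootstrap.js', { access: 'public' })
    .register('GET', '/internal/example/settings'); // hypothetical path, defaults to internal
}

const restricted = buildSampleRegistry(true);
console.log(restricted.handle('GET', '/internal/example/settings'));
console.log(restricted.handle('GET', '/internal/example/settings', { [INTERNAL_ORIGIN_HEADER]: 'Kibana' }));
console.log(restricted.externallyReachable());
```

With the restriction on, `externallyReachable()` returns only the routes that were registered with an explicit `access: 'public'`, which is the list a reviewer has to justify route by route.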
Closes https://github.com/elastic/kibana/issues/162215
## Summary
This PR changes the default session idle timeout for users to 3 days.
## Changes Made
- Updated default `session.idleTimeout` to `3d`.
- Updated tests to expect the new default timeout
- Updated asciidocs to match the above change
## Release notes
Change the default value of `session.idleTimeout` from 8 hours to 3
days.
## Summary
Add PLI authorization checks for Entity Analytics features.
*This PR only restricts access to the features* but doesn't implement
PLG/Upselling. It will be added later when we have defined the UX for
it.
The `advancedInsights` PLI was already configured, so I only had to add
extra checks to make sure users can't see the Risk score on other
components.
Updated components:
* "All hosts" table on the Hosts page
* "All users" table on the Users page
* Host overview on the Host details page and Host details flyout
* User overview on the User details page and User details flyout
* Alerts flyout
* Remove sample Upselling components config
### Not included
* Upselling/PLG
* I left empty tabs/pages where the Upselling component will be added
### How to test it?
#### ESS
* Run ESS with a basic license
* Run ESS with a platinum
#### Serverless
* Run Serverless with security essentials (serverless.security.yml)
```
xpack.serverless.security.productTypes:
[
{ product_line: 'security', product_tier: 'essentials' }
]
```
* Run Serverless with security complete
(kibana/config/serverless.security.yml)
```
xpack.serverless.security.productTypes:
[
{ product_line: 'security', product_tier: 'complete' },
]
```
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Connected to https://github.com/elastic/kibana/issues/146945
This PR updates API docs for
Description | Limit | Done? | Documented? | UI?
-- | -- | -- | -- | --
Total assignees per case | 10 | ✅ | Yes | ✅
Maximum number of cases/user actions/comments returned from the API | 10.000 | ✅ | Yes | N/A
Total number of cases by alert ID returned from the API | 10.000 | ✅ | Yes | N/A
Total number of tags returned from the API | 10.000 | ✅ | Yes | N/A
Total number of reporters returned from the API | 10.000 | ✅ | Yes | N/A
### Checklist
Delete any items that are not applicable to this PR.
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
### For maintainers
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: lcawl <lcawley@elastic.co>
## Summary
issue: Dashboard control was not rendered in Security dashboard page.

**Steps to verify:**
1. Import this dashboard to /app/management/kibana/object
[dashboard.zip](12163666/dashboard.zip)
2. Go to Security dashboard list and select this dashboard.
3. Observe the control should be there.
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
Implementation of serverless-specific pages within the Unified IA
Navigation.
#### Links implemented:
- `Machine Learning`
- Landing page created on serverless only
- All links in the landing page go to `/ml` app
- `Dev Tools`
- Links directly to `/dev_tools` app

#### Links not implemented:
`// TODO: in a follow-up PR`
- Project Settings
- Change the _Settings_ name by _Project Settings_
- Modify the landing page items according to the design
## Changes
### Plugin contract changes
The Machine Learning landing page is the first page that is only available on serverless and should not exist in ess (there are more of this kind in the pipeline), so this PR implements the foundations to enable the _security_solution_serverless_ plugin to implement its own page components, configure the link definition and create new routes to render them in the Security Solution application.
These new APIs can be called from either `security_solution_serverless` or `security_solution_ess`, allowing those plugins to have their own offering-specific pages.
The new APIs exposed in the security_solution public contract are the following:
- `extraAppLinks$`: Observable to add extra app_links into the application links configuration, so they are stored and included in the SecuritySolution plugin `deepLinks` registry, to make them accessible from anywhere in the application using the `chrome.navLinks` API.
- `extraRoutes$`: Observable to add extra routes into the main Router, so it can render the new page components. These additional routes are appended after the "sub-plugin" (_alerts_, _timeline_, ...) routes, so it is not possible to override an existing route path.
### New `security-solution-navigation` package
Since now we need to use the same navigation components and hooks in different plugins, these functionalities have been extracted to the `@kbn/security-solution-navigation` package, which all Security plugins will depend on (generic, serverless, and ess).
The modules exposed by this package have been extracted from the main security_solution plugin and standardized. They include the Landing pages components (new [storybook](https://ci-artifacts.kibana.dev/storybooks/pr-161667/394abe76676c6a76b2982c1d3f5bb675739c3477/security_solution_packages/index.html?path=/story/landing-links-landing-links-icons-categories--landing-links-icons-categories) available), navigation hooks, and link utilities. Also, some types and constants have been moved to this package.
A new context provider has also been created, which needs to be in place in order to use this package. The `<NavigationProvider core={core}>` is required for the package functionalities to have access to the Kibana core navigation APIs: `navigateToUrl`, `navigateToApp`, and `getUrlForApp`.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: YulNaumenko <jo.naumenko@gmail.com>
**Epic:** https://github.com/elastic/kibana/issues/153633
**Partially addresses:** https://github.com/elastic/kibana/issues/153645
## Summary
This PR builds upon https://github.com/elastic/kibana/pull/161900 and
moves tests located in the `e2e/detection_rules` folder into
`e2e/detection_response` and splits them into multiple sub-folders
according to the Detection Engine subdomains we have. It also updates
the CODEOWNERS file accordingly.
## Details
Specifically, changes in this PR include:
- The `e2e/detections_response` folder was renamed to
`e2e/detection_response`.
- The `e2e/detections_response/bulk_actions` folder became
`e2e/detection_response/rule_management/rule_actions/bulk_actions`.
- Cypress tests for rule types (which actually test rule creation for
different rule types) were moved to
`e2e/detection_response/rule_creation`.
- The CODEOWNERS file was updated.
Things not addressed in this PR:
- No ownership was assigned for `e2e/detection_response/rule_actions`.
Will need to figure this out with @yctercero.
- No restructuring was done for `security_solution/cypress/screens` and
`security_solution/cypress/tasks`. Will be done in follow-up PRs.
- No refactoring was done for the tests themselves. Some of this work is
also upcoming.
The full file structure of the `detection_response` tests looks like
this:
- Closes https://github.com/elastic/kibana/issues/160993
## Summary
This PR introduces `dataView.toMinimalSpec()` which is used now in 3
cases:
- when constructing an alert link
- when constructing a share URL for ad-hoc data views
- when constructing search session info for ad-hoc data views
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
When you have a text based visualization in a dashboard and you click to
edit it, then the unsaved changes badge appears.
What happens is we create a store, and then we run loadInitial action with
the data from the attributes and then the store gets the state from
those attributes and pushes the change to the new updater middleware
with exactly the same data. It doesn’t affect visualization in any way
as the state is correct, but the dashboard thinks there were some
changes.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
### Context:
`TopN` components need the application context to work. So, `showTopN`
actions wrap the `TopN` component on a custom copy of the entire
application context. That is very error-prone and not performative.
### Solution:
* Create a service that the actions have access to
* Update the action code to call the service
* Move the rendering of `TopN` to the App rendering tree and listen to
the service for changes
### How to test it?
* Hover fields and use `showTopN` actions on different pages
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
- Added Search Applications & Behavioral Analytics product cards
- Removed Search Experiences from page side nav
- Hid ESRE & Search Experiences from global Kibana nav
- Moved Vector Search above ESRE in page nav
- Re-ordered Kibana nav items per product & design requests.
Resolves https://github.com/elastic/kibana/issues/161595
## Summary
Captures changes in the editor when copying/pasting in values.
### To verify
- Create a new Es Query rule using DSL
- Paste runtime mappings in your query and don't type anything else in
the editor
- Verify that the runtime fields are listed in the group by or aggregate
over options below the query
Connected to https://github.com/elastic/kibana/issues/146945
## Summary
| Description | Limit | Done? | Documented? |
| ------------- | ---- | :---: | ---- |
| Total number of attachments (external references and persistable state) per case | 100 | ✅ | No |
### Checklist
Delete any items that are not applicable to this PR.
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### Release Notes
A case can now only have 100 external references and persistable
state (excluding files) attachments combined.
## Summary
There are 2 things refactored in this PR:
1. To make the updates from the config panel update the chart in
discover, we have to run the `onUpdateCb` function in all places where
the state changes in Lens. The problem is that when user adds a new
feature to Lens, this is a potential source of sync bugs. We cannot test
this behaviour with the way it's written now to avoid these bugs. My
approach here changes the updates to running a custom middleware every
time the store state updates. I had to exclude some initialization
actions to not end up in infinite loop updates (there's probably a
better approach instead of excluding I haven't thought of yet). Another
argument to do it this way is a performance improvement inside Lens
component where we had to sometimes get all the store to make an
`onUpdateCb` call.
2. The `useChartConfigPanel` hook should not really be a hook but a
component as it is a component (returns JSX.Element, displays UI based
on props) so I refactored it to `ChartConfigPanel`.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
First step for https://github.com/elastic/security-team/issues/6677
The aim of this PR is to embed Discover in Security Solution. Discover must be
embedded as a complete app with a certain set of capabilities working. The
set of capabilities that need to be working are listed here:
https://github.com/elastic/security-team/issues/6673
Release notes should be based on
https://github.com/elastic/security-team/issues/6673
### ⚠️ Note
- These changes are only available in serverless mode of security
solution behind a feature-flag called `discoverInTimeline`. Adds below
options to `serverless.security.yml`:
```yaml
# Serverless security specific options
xpack.securitySolution.enableExperimental:
- discoverInTimeline
```
You can use below command to run serverless instance of security
solution :
```bash
yarn serverless-security
```
This implements the following changes for each plugin.
### Discover
1. Exports Discover App as Lazy component.
2. Ability to override Discover Services.
3. Adds a parameter `mode` which switches off/on certain options based
on the `mode`. `Mode` has possible values of `embedded` and
`standalone`. For example, `embedded` switches off Discover breadcrumb
syncing, because consuming app may not need it.
### Unified Search
1. Ability to export a Search bar with custom dependency instances.
2. For example, today Unified Search uses a singleton global
`dataService` which stores global KQL filters and queries. This
customization lets consumers of unified search pass a new instance of
`dataService`.
4. Please see below diagram for more clarity.
### Navigation
1. Ability to export a custom stateful TopNav Menu which includes:
- DataView picker
- KQL Search Bar
- TimeRange Selector
2. Currently navigation consumes an instance of unified service which
uses a global singleton `data` service.
3. This PR creates a new instance of unified search which is then passed
to navigation to get a custom instance of `TopNav` Menu.
### Security Solution
1. Imports Discover Container Component
2. Uses customization point to pass a custom query bar.
3. Implements Custom KQL Query Bar with below customizations

---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Davis McPhee <davis.mcphee@elastic.co>