76 commits

Author	SHA1	Message	Date
Gerard Soldevila	33c18c72fa	Sustainable Kibana Architecture: Move modules owned by @elastic/security-threat-hunting-investigations (#202855) ... ## Summary This PR aims at relocating some of the Kibana modules (plugins and packages) into a new folder structure, according to the _Sustainable Kibana Architecture_ initiative. > [!IMPORTANT] > * We kindly ask you to: > * Manually fix the errors in the error section below (if there are any). > * Search for the `packages[\/\\]` and `plugins[\/\\]` patterns in the source code (Babel and Eslint config files), and update them appropriately. > * Manually review `.buildkite/scripts/pipelines/pull_request/pipeline.ts` to ensure that any CI pipeline customizations continue to be correctly applied after the changed path names > * Review all of the updated files, specially the `.ts` and `.js` files listed in the sections below, as some of them contain relative paths that have been updated. > * Think of potential impact of the move, including tooling and configuration files that can be pointing to the relocated modules. E.g.: > * customised eslint rules > * docs pointing to source code > [!NOTE] > * This PR has been auto-generated. > * Any manual contributions will be lost if the 'relocate' script is re-run. > * Try to obtain the missing reviews / approvals before applying manual fixes, and/or keep your changes in a .patch / git stash. > * Please use [#sustainable_kibana_architecture](https://elastic.slack.com/archives/C07TCKTA22E) Slack channel for feedback. #### 2 plugin(s) are going to be relocated: | Id | Target folder | | -- | ------------- | | `@kbn/threat-intelligence-plugin` | `x-pack/solutions/security/plugins/threat_intelligence` | | `@kbn/timelines-plugin` | `x-pack/solutions/security/plugins/timelines` | #### 2 packages(s) are going to be relocated: | Id | Target folder | | -- | ------------- | | `@kbn/expandable-flyout` | `x-pack/solutions/security/packages/kbn-expandable-flyout` | | `@kbn/securitysolution-data-table` | `x-pack/solutions/security/packages/data_table` | Co-authored-by: PhilippeOberti <philippe.oberti@elastic.co> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-12-12 16:22:03 -06:00
Gerard Soldevila	5dee9994c9	Sustainable Kibana Architecture: Move modules owned by @elastic/obs-ux-management-team (#202832) ... ## Summary This PR aims at relocating some of the Kibana modules (plugins and packages) into a new folder structure, according to the _Sustainable Kibana Architecture_ initiative. > [!IMPORTANT] > * We kindly ask you to: > * Manually fix the errors in the error section below (if there are any). > * Search for the `packages[\/\\]` and `plugins[\/\\]` patterns in the source code (Babel and Eslint config files), and update them appropriately. > * Manually review `.buildkite/scripts/pipelines/pull_request/pipeline.ts` to ensure that any CI pipeline customizations continue to be correctly applied after the changed path names > * Review all of the updated files, specially the `.ts` and `.js` files listed in the sections below, as some of them contain relative paths that have been updated. > * Think of potential impact of the move, including tooling and configuration files that can be pointing to the relocated modules. E.g.: > * customised eslint rules > * docs pointing to source code > [!NOTE] > This PR has been auto-generated. > Do not attempt to push any changes unless you know what you are doing. > Please use [#sustainable_kibana_architecture](https://elastic.slack.com/archives/C07TCKTA22E) Slack channel for feedback. #### 8 plugin(s) are going to be relocated: | Id | Target folder | | -- | ------------- | | `@kbn/exploratory-view-plugin` | `x-pack/solutions/observability/plugins/exploratory_view` | | `@kbn/investigate-app-plugin` | `x-pack/solutions/observability/plugins/investigate_app` | | `@kbn/investigate-plugin` | `x-pack/solutions/observability/plugins/investigate` | | `@kbn/observability-plugin` | `x-pack/solutions/observability/plugins/observability` | | `@kbn/serverless-observability` | `x-pack/solutions/observability/plugins/serverless_observability` | | `@kbn/slo-plugin` | `x-pack/solutions/observability/plugins/slo` | | `@kbn/synthetics-plugin` | `x-pack/solutions/observability/plugins/synthetics` | | `@kbn/uptime-plugin` | `x-pack/solutions/observability/plugins/uptime` | #### 10 package(s) are going to be relocated: | Id | Target folder | | -- | ------------- | | `@kbn/data-forge` | `x-pack/platform/packages/shared/kbn-data-forge` | | `@kbn/deeplinks-observability` | `src/platform/packages/shared/deeplinks/observability` | | `@kbn/infra-forge` | `x-pack/platform/packages/private/kbn-infra-forge` | | `@kbn/investigation-shared` | `x-pack/solutions/observability/packages/kbn-investigation-shared` | | `@kbn/observability-alert-details` | `x-pack/solutions/observability/packages/alert_details` | | `@kbn/observability-alerting-rule-utils` | `x-pack/platform/packages/shared/observability/alerting_rule_utils` | | `@kbn/observability-alerting-test-data` | `x-pack/solutions/observability/packages/alerting_test_data` | | `@kbn/observability-get-padded-alert-time-range-util` | `x-pack/solutions/observability/packages/get_padded_alert_time_range_util` | | `@kbn/observability-synthetics-test-data` | `x-pack/solutions/observability/packages/synthetics_test_data` | | `@kbn/slo-schema` | `x-pack/platform/packages/shared/kbn-slo-schema` | <details> <summary>Updated references</summary> ``` ./.buildkite/ftr_oblt_stateful_configs.yml ./.buildkite/pipelines/on_merge_unsupported_ftrs.yml ./.buildkite/pipelines/pull_request/exploratory_view_plugin.yml ./.buildkite/pipelines/pull_request/slo_plugin_e2e.yml ./.buildkite/pipelines/pull_request/synthetics_plugin.yml ./.buildkite/pipelines/pull_request/uptime_plugin.yml ./.buildkite/scripts/steps/functional/exploratory_view_plugin.sh ./.buildkite/scripts/steps/functional/slo_plugin_e2e.sh ./.buildkite/scripts/steps/functional/synthetics.sh ./.buildkite/scripts/steps/functional/synthetics_plugin.sh ./.buildkite/scripts/steps/functional/uptime_plugin.sh ./.eslintrc.js ./.github/paths-labeller.yml ./.i18nrc.json ./docs/developer/plugin-list.asciidoc ./oas_docs/overlays/alerting.overlays.yaml ./oas_docs/scripts/merge_ess_oas.js ./oas_docs/scripts/merge_serverless_oas.js ./package.json ./packages/kbn-eslint-plugin-i18n/helpers/get_i18n_identifier_from_file_path.test.ts ./packages/kbn-eslint-plugin-i18n/rules/formatted_message_should_start_with_the_right_id.test.ts ./packages/kbn-eslint-plugin-i18n/rules/i18n_translate_should_start_with_the_right_id.test.ts ./packages/kbn-eslint-plugin-i18n/rules/strings_should_be_translated_with_formatted_message.test.ts ./packages/kbn-eslint-plugin-i18n/rules/strings_should_be_translated_with_i18n.test.ts ./packages/kbn-eslint-plugin-telemetry/helpers/get_app_name.test.ts ./packages/kbn-repo-packages/package-map.json ./packages/kbn-ts-projects/config-paths.json ./src/dev/storybook/aliases.ts ./src/platform/packages/shared/deeplinks/observability/jest.config.js ./src/plugins/guided_onboarding/README.md ./tsconfig.base.json ./x-pack/.i18nrc.json ./x-pack/platform/packages/private/kbn-infra-forge/jest.config.js ./x-pack/platform/packages/shared/kbn-data-forge/jest.config.js ./x-pack/platform/packages/shared/kbn-data-forge/src/data_sources/fake_hosts/ecs/generate.sh ./x-pack/platform/packages/shared/kbn-data-forge/src/data_sources/fake_logs/ecs/generate.sh ./x-pack/platform/packages/shared/kbn-data-forge/src/data_sources/fake_stack/admin_console/ecs/generate.sh ./x-pack/platform/packages/shared/kbn-data-forge/src/data_sources/fake_stack/heartbeat/ecs/generate.sh ./x-pack/platform/packages/shared/kbn-data-forge/src/data_sources/fake_stack/message_processor/ecs/generate.sh ./x-pack/platform/packages/shared/kbn-data-forge/src/data_sources/fake_stack/mongodb/ecs/generate.sh ./x-pack/platform/packages/shared/kbn-data-forge/src/data_sources/fake_stack/nginx_proxy/ecs/generate.sh ./x-pack/platform/packages/shared/kbn-slo-schema/jest.config.js ./x-pack/platform/packages/shared/observability/alerting_rule_utils/jest.config.js ./x-pack/plugins/observability_solution/observability/dev_docs/custom_threshold.md ./x-pack/plugins/observability_solution/slo/dev_docs/slo.md ./x-pack/plugins/observability_solution/uptime/.buildkite/pipelines/flaky.sh ./x-pack/plugins/observability_solution/uptime/README.md ./x-pack/plugins/observability_solution/uptime/e2e/README.md ./x-pack/solutions/observability/packages/alert_details/jest.config.js ./x-pack/solutions/observability/packages/alerting_test_data/jest.config.js ./x-pack/solutions/observability/packages/get_padded_alert_time_range_util/jest.config.js ./x-pack/solutions/observability/packages/kbn-investigation-shared/jest.config.js ./x-pack/solutions/observability/packages/synthetics_test_data/jest.config.js ./x-pack/solutions/observability/plugins/exploratory_view/README.md ./x-pack/solutions/observability/plugins/exploratory_view/e2e/README.md ./x-pack/solutions/observability/plugins/exploratory_view/jest.config.js ./x-pack/solutions/observability/plugins/investigate/jest.config.js ./x-pack/solutions/observability/plugins/investigate_app/jest.config.js ./x-pack/solutions/observability/plugins/observability/jest.config.js ./x-pack/solutions/observability/plugins/slo/docs/openapi/slo/README.md ./x-pack/solutions/observability/plugins/slo/jest.config.js ./x-pack/solutions/observability/plugins/synthetics/.buildkite/pipelines/flaky.sh ./x-pack/solutions/observability/plugins/synthetics/README.md ./x-pack/solutions/observability/plugins/synthetics/e2e/README.md ./x-pack/solutions/observability/plugins/synthetics/jest.config.js ./x-pack/solutions/observability/plugins/uptime/e2e/README.md ./x-pack/solutions/observability/plugins/uptime/jest.config.js ./yarn.lock ``` </details> <details> <summary>Updated relative paths</summary> ``` src/platform/packages/shared/deeplinks/observability/jest.config.js:12 src/platform/packages/shared/deeplinks/observability/tsconfig.json:2 x-pack/platform/packages/private/kbn-infra-forge/jest.config.js:10 x-pack/platform/packages/private/kbn-infra-forge/tsconfig.json:2 x-pack/platform/packages/shared/kbn-data-forge/jest.config.js:10 x-pack/platform/packages/shared/kbn-data-forge/src/data_sources/fake_hosts/ecs/generate.sh:3 x-pack/platform/packages/shared/kbn-data-forge/src/data_sources/fake_logs/ecs/generate.sh:3 x-pack/platform/packages/shared/kbn-data-forge/src/data_sources/fake_stack/admin_console/ecs/generate.sh:3 x-pack/platform/packages/shared/kbn-data-forge/src/data_sources/fake_stack/heartbeat/ecs/generate.sh:3 x-pack/platform/packages/shared/kbn-data-forge/src/data_sources/fake_stack/message_processor/ecs/generate.sh:3 x-pack/platform/packages/shared/kbn-data-forge/src/data_sources/fake_stack/mongodb/ecs/generate.sh:3 x-pack/platform/packages/shared/kbn-data-forge/src/data_sources/fake_stack/nginx_proxy/ecs/generate.sh:3 x-pack/platform/packages/shared/kbn-data-forge/tsconfig.json:2 x-pack/platform/packages/shared/kbn-slo-schema/jest.config.js:10 x-pack/platform/packages/shared/kbn-slo-schema/tsconfig.json:2 x-pack/platform/packages/shared/observability/alerting_rule_utils/jest.config.js:10 x-pack/platform/packages/shared/observability/alerting_rule_utils/tsconfig.json:2 x-pack/solutions/observability/packages/alert_details/jest.config.js:10 x-pack/solutions/observability/packages/alert_details/tsconfig.json:2 x-pack/solutions/observability/packages/alerting_test_data/jest.config.js:10 x-pack/solutions/observability/packages/alerting_test_data/tsconfig.json:2 x-pack/solutions/observability/packages/get_padded_alert_time_range_util/jest.config.js:10 x-pack/solutions/observability/packages/get_padded_alert_time_range_util/tsconfig.json:2 x-pack/solutions/observability/packages/kbn-investigation-shared/jest.config.js:12 x-pack/solutions/observability/packages/kbn-investigation-shared/tsconfig.json:2 x-pack/solutions/observability/packages/synthetics_test_data/jest.config.js:10 x-pack/solutions/observability/packages/synthetics_test_data/tsconfig.json:2 x-pack/solutions/observability/plugins/exploratory_view/e2e/README.md:13 x-pack/solutions/observability/plugins/exploratory_view/e2e/synthetics_run.ts:28 x-pack/solutions/observability/plugins/exploratory_view/e2e/synthetics_run.ts:33 x-pack/solutions/observability/plugins/exploratory_view/e2e/tasks/es_archiver.ts:19 x-pack/solutions/observability/plugins/exploratory_view/e2e/tasks/es_archiver.ts:27 x-pack/solutions/observability/plugins/exploratory_view/e2e/tasks/es_archiver.ts:34 x-pack/solutions/observability/plugins/exploratory_view/e2e/tsconfig.json:2 x-pack/solutions/observability/plugins/exploratory_view/jest.config.js:10 x-pack/solutions/observability/plugins/exploratory_view/public/components/shared/exploratory_view/README.md:116 x-pack/solutions/observability/plugins/exploratory_view/public/components/shared/exploratory_view/README.md:156 x-pack/solutions/observability/plugins/exploratory_view/public/components/shared/exploratory_view/README.md:161 x-pack/solutions/observability/plugins/exploratory_view/tsconfig.json:2 x-pack/solutions/observability/plugins/exploratory_view/tsconfig.json:6 x-pack/solutions/observability/plugins/investigate/jest.config.js:10 x-pack/solutions/observability/plugins/investigate/tsconfig.json:2 x-pack/solutions/observability/plugins/investigate/tsconfig.json:7 x-pack/solutions/observability/plugins/investigate_app/jest.config.js:10 x-pack/solutions/observability/plugins/investigate_app/tsconfig.json:2 x-pack/solutions/observability/plugins/investigate_app/tsconfig.json:7 x-pack/solutions/observability/plugins/observability/dev_docs/custom_threshold.md:10 x-pack/solutions/observability/plugins/observability/dev_docs/custom_threshold.md:36 x-pack/solutions/observability/plugins/observability/dev_docs/feature_flags.md:14 x-pack/solutions/observability/plugins/observability/jest.config.js:10 x-pack/solutions/observability/plugins/observability/tsconfig.json:12 x-pack/solutions/observability/plugins/observability/tsconfig.json:2 x-pack/solutions/observability/plugins/serverless_observability/package.json:8 x-pack/solutions/observability/plugins/serverless_observability/package.json:9 x-pack/solutions/observability/plugins/serverless_observability/tsconfig.json:12 x-pack/solutions/observability/plugins/serverless_observability/tsconfig.json:2 x-pack/solutions/observability/plugins/slo/dev_docs/slo.md:11 x-pack/solutions/observability/plugins/slo/e2e/tsconfig.json:2 x-pack/solutions/observability/plugins/slo/jest.config.js:10 x-pack/solutions/observability/plugins/slo/tsconfig.json:10 x-pack/solutions/observability/plugins/slo/tsconfig.json:2 x-pack/solutions/observability/plugins/synthetics/e2e/tasks/es_archiver.ts:19 x-pack/solutions/observability/plugins/synthetics/e2e/tasks/es_archiver.ts:27 x-pack/solutions/observability/plugins/synthetics/e2e/tasks/es_archiver.ts:34 x-pack/solutions/observability/plugins/synthetics/e2e/tsconfig.json:2 x-pack/solutions/observability/plugins/synthetics/jest.config.js:10 x-pack/solutions/observability/plugins/synthetics/tsconfig.json:12 x-pack/solutions/observability/plugins/synthetics/tsconfig.json:2 x-pack/solutions/observability/plugins/uptime/e2e/tasks/es_archiver.ts:19 x-pack/solutions/observability/plugins/uptime/e2e/tasks/es_archiver.ts:27 x-pack/solutions/observability/plugins/uptime/e2e/tasks/es_archiver.ts:34 x-pack/solutions/observability/plugins/uptime/e2e/tasks/read_kibana_config.ts:15 x-pack/solutions/observability/plugins/uptime/e2e/tsconfig.json:2 x-pack/solutions/observability/plugins/uptime/jest.config.js:10 x-pack/solutions/observability/plugins/uptime/tsconfig.json:13 x-pack/solutions/observability/plugins/uptime/tsconfig.json:2 ``` </details> <details> <summary>Script errors</summary> ``` Cannot replace multiple occurrences of "../../.." in the same line, please fix manually: /Users/gsoldevila/Work/kibana-tertiary/x-pack/solutions/observability/plugins/exploratory_view/e2e/tasks/es_archiver.ts:19 Cannot replace multiple occurrences of "../../.." in the same line, please fix manually: /Users/gsoldevila/Work/kibana-tertiary/x-pack/solutions/observability/plugins/exploratory_view/e2e/tasks/es_archiver.ts:27 Cannot replace multiple occurrences of "../../.." in the same line, please fix manually: /Users/gsoldevila/Work/kibana-tertiary/x-pack/solutions/observability/plugins/exploratory_view/e2e/tasks/es_archiver.ts:34 Cannot replace multiple occurrences of "../../../.." in the same line, please fix manually: /Users/gsoldevila/Work/kibana-tertiary/x-pack/solutions/observability/plugins/observability/dev_docs/feature_flags.md:14 Cannot replace multiple occurrences of "../../.." in the same line, please fix manually: /Users/gsoldevila/Work/kibana-tertiary/x-pack/solutions/observability/plugins/synthetics/e2e/tasks/es_archiver.ts:19 Cannot replace multiple occurrences of "../../.." in the same line, please fix manually: /Users/gsoldevila/Work/kibana-tertiary/x-pack/solutions/observability/plugins/synthetics/e2e/tasks/es_archiver.ts:27 Cannot replace multiple occurrences of "../../.." in the same line, please fix manually: /Users/gsoldevila/Work/kibana-tertiary/x-pack/solutions/observability/plugins/synthetics/e2e/tasks/es_archiver.ts:34 Cannot replace multiple occurrences of "../../../.." in the same line, please fix manually: /Users/gsoldevila/Work/kibana-tertiary/x-pack/solutions/observability/plugins/uptime/e2e/tasks/es_archiver.ts:19 Cannot replace multiple occurrences of "../../../.." in the same line, please fix manually: /Users/gsoldevila/Work/kibana-tertiary/x-pack/solutions/observability/plugins/uptime/e2e/tasks/es_archiver.ts:27 Cannot replace multiple occurrences of "../../../.." in the same line, please fix manually: /Users/gsoldevila/Work/kibana-tertiary/x-pack/solutions/observability/plugins/uptime/e2e/tasks/es_archiver.ts:34 ``` </details> --------- Co-authored-by: shahzad31 <shahzad31comp@gmail.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-12-12 14:28:21 -06:00
Rodney Norris	ebb4f503a5	[Search] Inference Endpoints - Align rendering to plugin (#203313) ... ## Summary This PR removes rendering of the Inference Endpoints UI from `enterprise_search` for stack and instead utilizes the `search_inference_endpoints` plugin to render the UI for both serverless and stack. This can be done by utilizing the `search_navigation` plugin for rendering the classic navigation for stack. To support this change the `xpack.searchInferenceEndpoints.ui.enabled` was updated to default to `true` instead of only being set for serverless search. To account for this change I have added `xpack.searchInferenceEndpoints.enabled: false` to the serverless configs for both security and observability to ensure the `search_inference_endpoints` plugin is disabled in both of those projects. ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>	2024-12-09 12:36:16 -06:00
Gerard Soldevila	58b8b47928	Sustainable Kibana Architecture: Move modules owned by @elastic/ml-ui (#202764) ... ## Summary This PR aims at relocating some of the Kibana modules (plugins and packages) into a new folder structure, according to the _Sustainable Kibana Architecture_ initiative. > [!IMPORTANT] > * We kindly ask you to: > * Manually fix the errors in the error section below (if there are any). > * Search for the `packages[\/\\]` and `plugins[\/\\]` patterns in the source code (Babel and Eslint config files), and update them appropriately. > * Manually review `.buildkite/scripts/pipelines/pull_request/pipeline.ts` to ensure that any CI pipeline customizations continue to be correctly applied after the changed path names > * Review all of the updated files, specially the `.ts` and `.js` files listed in the sections below, as some of them contain relative paths that have been updated. > * Think of potential impact of the move, including tooling and configuration files that can be pointing to the relocated modules. E.g.: > * customised eslint rules > * docs pointing to source code > [!NOTE] > This PR has been auto-generated. > Do not attempt to push any changes unless you know what you are doing. > Please use [#sustainable_kibana_architecture](https://elastic.slack.com/archives/C07TCKTA22E) Slack channel for feedback. #### 4 plugin(s) are going to be relocated: | Id | Target folder | | -- | ------------- | | `@kbn/aiops-plugin` | `x-pack/platform/plugins/shared/aiops` | | `@kbn/data-visualizer-plugin` | `x-pack/platform/plugins/private/data_visualizer` | | `@kbn/ml-plugin` | `x-pack/platform/plugins/shared/ml` | | `@kbn/transform-plugin` | `x-pack/platform/plugins/private/transform` | #### 42 package(s) are going to be relocated: | Id | Target folder | | -- | ------------- | | `@kbn/aiops-change-point-detection` | `x-pack/platform/packages/private/ml/aiops_change_point_detection` | | `@kbn/aiops-common` | `x-pack/platform/packages/shared/ml/aiops_common` | | `@kbn/aiops-components` | `x-pack/platform/packages/private/ml/aiops_components` | | `@kbn/aiops-log-pattern-analysis` | `x-pack/platform/packages/shared/ml/aiops_log_pattern_analysis` | | `@kbn/aiops-log-rate-analysis` | `x-pack/platform/packages/shared/ml/aiops_log_rate_analysis` | | `@kbn/aiops-test-utils` | `x-pack/platform/packages/private/ml/aiops_test_utils` | | `@kbn/deeplinks-ml` | `src/platform/packages/shared/deeplinks/ml` | | `@kbn/default-nav-ml` | `src/platform/packages/private/default-nav/ml` | | `@kbn/inference_integration_flyout` | `x-pack/platform/packages/private/ml/inference_integration_flyout` | | `@kbn/json-schemas` | `x-pack/platform/packages/private/ml/json_schemas` | | `@kbn/ml-agg-utils` | `x-pack/platform/packages/private/ml/agg_utils` | | `@kbn/ml-anomaly-utils` | `x-pack/platform/packages/shared/ml/anomaly_utils` | | `@kbn/ml-cancellable-search` | `x-pack/platform/packages/private/ml/cancellable_search` | | `@kbn/ml-category-validator` | `x-pack/platform/packages/private/ml/category_validator` | | `@kbn/ml-chi2test` | `x-pack/platform/packages/shared/ml/chi2test` | | `@kbn/ml-creation-wizard-utils` | `x-pack/platform/packages/private/ml/creation_wizard_utils` | | `@kbn/ml-data-frame-analytics-utils` | `x-pack/platform/packages/private/ml/data_frame_analytics_utils` | | `@kbn/ml-data-grid` | `x-pack/platform/packages/private/ml/data_grid` | | `@kbn/ml-data-view-utils` | `x-pack/platform/packages/private/ml/data_view_utils` | | `@kbn/ml-date-picker` | `x-pack/platform/packages/private/ml/date_picker` | | `@kbn/ml-date-utils` | `x-pack/platform/packages/private/ml/date_utils` | | `@kbn/ml-error-utils` | `x-pack/platform/packages/shared/ml/error_utils` | | `@kbn/ml-field-stats-flyout` | `x-pack/platform/packages/private/ml/field_stats_flyout` | | `@kbn/ml-in-memory-table` | `x-pack/platform/packages/private/ml/in_memory_table` | | `@kbn/ml-is-defined` | `x-pack/platform/packages/private/ml/is_defined` | | `@kbn/ml-is-populated-object` | `x-pack/platform/packages/private/ml/is_populated_object` | | `@kbn/ml-kibana-theme` | `x-pack/platform/packages/private/ml/kibana_theme` | | `@kbn/ml-local-storage` | `x-pack/platform/packages/private/ml/local_storage` | | `@kbn/ml-nested-property` | `x-pack/platform/packages/private/ml/nested_property` | | `@kbn/ml-number-utils` | `x-pack/platform/packages/private/ml/number_utils` | | `@kbn/ml-parse-interval` | `x-pack/platform/packages/private/ml/parse_interval` | | `@kbn/ml-query-utils` | `x-pack/platform/packages/private/ml/query_utils` | | `@kbn/ml-random-sampler-utils` | `x-pack/platform/packages/shared/ml/random_sampler_utils` | | `@kbn/ml-response-stream` | `x-pack/platform/packages/shared/ml/response_stream` | | `@kbn/ml-route-utils` | `x-pack/platform/packages/private/ml/route_utils` | | `@kbn/ml-runtime-field-utils` | `x-pack/platform/packages/shared/ml/runtime_field_utils` | | `@kbn/ml-string-hash` | `x-pack/platform/packages/private/ml/string_hash` | | `@kbn/ml-time-buckets` | `x-pack/platform/packages/private/ml/time_buckets` | | `@kbn/ml-trained-models-utils` | `x-pack/platform/packages/shared/ml/trained_models_utils` | | `@kbn/ml-ui-actions` | `x-pack/platform/packages/private/ml/ui_actions` | | `@kbn/ml-url-state` | `x-pack/platform/packages/private/ml/url_state` | | `@kbn/ml-validators` | `x-pack/platform/packages/private/ml/validators` | <details> <summary>Updated references</summary> ``` ./.eslintrc.js ./docs/developer/plugin-list.asciidoc ./docs/redirects.asciidoc ./oas_docs/scripts/merge_ess_oas.js ./oas_docs/scripts/merge_serverless_oas.js ./package.json ./packages/kbn-repo-packages/package-map.json ./packages/kbn-synthetic-package-map/synthetic-packages.json ./packages/kbn-ts-projects/config-paths.json ./src/platform/packages/private/default-nav/ml/jest.config.js ./src/platform/packages/shared/deeplinks/ml/jest.config.js ./tsconfig.base.json ./tsconfig.refs.json ./x-pack/.i18nrc.json ./x-pack/packages/security-solution/navigation/src/constants.ts ./x-pack/platform/packages/private/ml/agg_utils/jest.config.js ./x-pack/platform/packages/private/ml/aiops_change_point_detection/jest.config.js ./x-pack/platform/packages/private/ml/aiops_components/jest.config.js ./x-pack/platform/packages/private/ml/aiops_test_utils/jest.config.js ./x-pack/platform/packages/private/ml/cancellable_search/jest.config.js ./x-pack/platform/packages/private/ml/category_validator/jest.config.js ./x-pack/platform/packages/private/ml/creation_wizard_utils/jest.config.js ./x-pack/platform/packages/private/ml/data_frame_analytics_utils/jest.config.js ./x-pack/platform/packages/private/ml/data_grid/jest.config.js ./x-pack/platform/packages/private/ml/data_view_utils/jest.config.js ./x-pack/platform/packages/private/ml/date_picker/jest.config.js ./x-pack/platform/packages/private/ml/date_utils/jest.config.js ./x-pack/platform/packages/private/ml/field_stats_flyout/jest.config.js ./x-pack/platform/packages/private/ml/in_memory_table/jest.config.js ./x-pack/platform/packages/private/ml/inference_integration_flyout/jest.config.js ./x-pack/platform/packages/private/ml/is_defined/jest.config.js ./x-pack/platform/packages/private/ml/is_populated_object/jest.config.js ./x-pack/platform/packages/private/ml/json_schemas/jest.config.js ./x-pack/platform/packages/private/ml/kibana_theme/jest.config.js ./x-pack/platform/packages/private/ml/local_storage/jest.config.js ./x-pack/platform/packages/private/ml/nested_property/jest.config.js ./x-pack/platform/packages/private/ml/number_utils/jest.config.js ./x-pack/platform/packages/private/ml/parse_interval/jest.config.js ./x-pack/platform/packages/private/ml/query_utils/jest.config.js ./x-pack/platform/packages/private/ml/route_utils/jest.config.js ./x-pack/platform/packages/private/ml/string_hash/jest.config.js ./x-pack/platform/packages/private/ml/time_buckets/jest.config.js ./x-pack/platform/packages/private/ml/ui_actions/jest.config.js ./x-pack/platform/packages/private/ml/url_state/jest.config.js ./x-pack/platform/packages/private/ml/validators/jest.config.js ./x-pack/platform/packages/shared/ml/aiops_common/jest.config.js ./x-pack/platform/packages/shared/ml/aiops_log_pattern_analysis/jest.config.js ./x-pack/platform/packages/shared/ml/aiops_log_rate_analysis/jest.config.js ./x-pack/platform/packages/shared/ml/anomaly_utils/jest.config.js ./x-pack/platform/packages/shared/ml/chi2test/jest.config.js ./x-pack/platform/packages/shared/ml/error_utils/jest.config.js ./x-pack/platform/packages/shared/ml/random_sampler_utils/jest.config.js ./x-pack/platform/packages/shared/ml/response_stream/jest.config.js ./x-pack/platform/packages/shared/ml/runtime_field_utils/jest.config.js ./x-pack/platform/packages/shared/ml/trained_models_utils/jest.config.js ./x-pack/platform/plugins/private/data_visualizer/jest.config.js ./x-pack/platform/plugins/private/transform/jest.config.js ./x-pack/platform/plugins/private/transform/readme.md ./x-pack/platform/plugins/shared/aiops/README.md ./x-pack/platform/plugins/shared/aiops/jest.config.js ./x-pack/platform/plugins/shared/aiops/public/application/utils/build_extended_base_filter_criteria.ts ./x-pack/platform/plugins/shared/aiops/public/application/utils/search_utils.ts ./x-pack/platform/plugins/shared/ml/jest.config.js ./x-pack/platform/plugins/shared/ml/readme.md ./x-pack/plugins/aiops/README.md ./x-pack/plugins/security_solution/common/machine_learning/affected_job_ids.ts ./x-pack/plugins/security_solution/common/machine_learning/helpers.ts ./yarn.lock ``` </details> <details> <summary>Updated relative paths</summary> ``` src/platform/packages/private/default-nav/ml/jest.config.js:12 src/platform/packages/private/default-nav/ml/tsconfig.json:2 src/platform/packages/shared/deeplinks/ml/jest.config.js:12 src/platform/packages/shared/deeplinks/ml/tsconfig.json:2 x-pack/platform/packages/private/ml/agg_utils/jest.config.js:10 x-pack/platform/packages/private/ml/agg_utils/tsconfig.json:2 x-pack/platform/packages/private/ml/aiops_change_point_detection/jest.config.js:10 x-pack/platform/packages/private/ml/aiops_change_point_detection/tsconfig.json:2 x-pack/platform/packages/private/ml/aiops_components/jest.config.js:10 x-pack/platform/packages/private/ml/aiops_components/tsconfig.json:2 x-pack/platform/packages/private/ml/aiops_test_utils/jest.config.js:10 x-pack/platform/packages/private/ml/aiops_test_utils/tsconfig.json:2 x-pack/platform/packages/private/ml/cancellable_search/jest.config.js:10 x-pack/platform/packages/private/ml/cancellable_search/tsconfig.json:2 x-pack/platform/packages/private/ml/category_validator/jest.config.js:10 x-pack/platform/packages/private/ml/category_validator/tsconfig.json:2 x-pack/platform/packages/private/ml/creation_wizard_utils/jest.config.js:10 x-pack/platform/packages/private/ml/creation_wizard_utils/tsconfig.json:2 x-pack/platform/packages/private/ml/data_frame_analytics_utils/jest.config.js:10 x-pack/platform/packages/private/ml/data_frame_analytics_utils/tsconfig.json:2 x-pack/platform/packages/private/ml/data_grid/jest.config.js:10 x-pack/platform/packages/private/ml/data_grid/tsconfig.json:2 x-pack/platform/packages/private/ml/data_view_utils/jest.config.js:10 x-pack/platform/packages/private/ml/data_view_utils/tsconfig.json:2 x-pack/platform/packages/private/ml/date_picker/jest.config.js:10 x-pack/platform/packages/private/ml/date_picker/tsconfig.json:2 x-pack/platform/packages/private/ml/date_utils/jest.config.js:10 x-pack/platform/packages/private/ml/date_utils/tsconfig.json:2 x-pack/platform/packages/private/ml/field_stats_flyout/jest.config.js:10 x-pack/platform/packages/private/ml/field_stats_flyout/tsconfig.json:2 x-pack/platform/packages/private/ml/in_memory_table/jest.config.js:10 x-pack/platform/packages/private/ml/in_memory_table/tsconfig.json:2 x-pack/platform/packages/private/ml/inference_integration_flyout/jest.config.js:10 x-pack/platform/packages/private/ml/inference_integration_flyout/tsconfig.json:2 x-pack/platform/packages/private/ml/is_defined/jest.config.js:10 x-pack/platform/packages/private/ml/is_defined/tsconfig.json:2 x-pack/platform/packages/private/ml/is_populated_object/jest.config.js:10 x-pack/platform/packages/private/ml/is_populated_object/tsconfig.json:2 x-pack/platform/packages/private/ml/json_schemas/jest.config.js:10 x-pack/platform/packages/private/ml/json_schemas/package.json:7 x-pack/platform/packages/private/ml/json_schemas/tsconfig.json:2 x-pack/platform/packages/private/ml/kibana_theme/jest.config.js:10 x-pack/platform/packages/private/ml/kibana_theme/tsconfig.json:2 x-pack/platform/packages/private/ml/local_storage/jest.config.js:10 x-pack/platform/packages/private/ml/local_storage/tsconfig.json:2 x-pack/platform/packages/private/ml/nested_property/jest.config.js:10 x-pack/platform/packages/private/ml/nested_property/tsconfig.json:2 x-pack/platform/packages/private/ml/number_utils/jest.config.js:10 x-pack/platform/packages/private/ml/number_utils/tsconfig.json:2 x-pack/platform/packages/private/ml/parse_interval/jest.config.js:10 x-pack/platform/packages/private/ml/parse_interval/tsconfig.json:2 x-pack/platform/packages/private/ml/query_utils/jest.config.js:10 x-pack/platform/packages/private/ml/query_utils/tsconfig.json:2 x-pack/platform/packages/private/ml/route_utils/jest.config.js:10 x-pack/platform/packages/private/ml/route_utils/tsconfig.json:2 x-pack/platform/packages/private/ml/string_hash/jest.config.js:10 x-pack/platform/packages/private/ml/string_hash/tsconfig.json:2 x-pack/platform/packages/private/ml/time_buckets/jest.config.js:10 x-pack/platform/packages/private/ml/time_buckets/tsconfig.json:2 x-pack/platform/packages/private/ml/ui_actions/jest.config.js:10 x-pack/platform/packages/private/ml/ui_actions/tsconfig.json:2 x-pack/platform/packages/private/ml/url_state/jest.config.js:10 x-pack/platform/packages/private/ml/url_state/tsconfig.json:2 x-pack/platform/packages/private/ml/validators/jest.config.js:10 x-pack/platform/packages/private/ml/validators/tsconfig.json:2 x-pack/platform/packages/shared/ml/aiops_common/jest.config.js:10 x-pack/platform/packages/shared/ml/aiops_common/tsconfig.json:2 x-pack/platform/packages/shared/ml/aiops_log_pattern_analysis/jest.config.js:10 x-pack/platform/packages/shared/ml/aiops_log_pattern_analysis/tsconfig.json:2 x-pack/platform/packages/shared/ml/aiops_log_rate_analysis/jest.config.js:10 x-pack/platform/packages/shared/ml/aiops_log_rate_analysis/tsconfig.json:2 x-pack/platform/packages/shared/ml/anomaly_utils/jest.config.js:10 x-pack/platform/packages/shared/ml/anomaly_utils/tsconfig.json:2 x-pack/platform/packages/shared/ml/chi2test/jest.config.js:10 x-pack/platform/packages/shared/ml/chi2test/tsconfig.json:2 x-pack/platform/packages/shared/ml/error_utils/jest.config.js:10 x-pack/platform/packages/shared/ml/error_utils/tsconfig.json:2 x-pack/platform/packages/shared/ml/random_sampler_utils/jest.config.js:10 x-pack/platform/packages/shared/ml/random_sampler_utils/tsconfig.json:2 x-pack/platform/packages/shared/ml/response_stream/jest.config.js:10 x-pack/platform/packages/shared/ml/response_stream/tsconfig.json:2 x-pack/platform/packages/shared/ml/runtime_field_utils/jest.config.js:10 x-pack/platform/packages/shared/ml/runtime_field_utils/tsconfig.json:2 x-pack/platform/packages/shared/ml/trained_models_utils/jest.config.js:10 x-pack/platform/packages/shared/ml/trained_models_utils/tsconfig.json:2 x-pack/platform/plugins/private/data_visualizer/jest.config.js:10 x-pack/platform/plugins/private/data_visualizer/tsconfig.json:2 x-pack/platform/plugins/private/data_visualizer/tsconfig.json:7 x-pack/platform/plugins/private/transform/jest.config.js:10 x-pack/platform/plugins/private/transform/tsconfig.json:10 x-pack/platform/plugins/private/transform/tsconfig.json:2 x-pack/platform/plugins/shared/aiops/jest.config.js:10 x-pack/platform/plugins/shared/aiops/tsconfig.json:2 x-pack/platform/plugins/shared/aiops/tsconfig.json:7 x-pack/platform/plugins/shared/ml/jest.config.js:10 x-pack/platform/plugins/shared/ml/readme.md:186 x-pack/platform/plugins/shared/ml/readme.md:192 x-pack/platform/plugins/shared/ml/tsconfig.json:12 x-pack/platform/plugins/shared/ml/tsconfig.json:2 x-pack/platform/plugins/shared/ml/tsconfig.json:24 ``` </details> <details> <summary>Script errors</summary> ``` ``` </details> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Walter Rafelsberger <walter.rafelsberger@elastic.co>	2024-12-09 17:36:25 +01:00
Rodney Norris	434eaa78ad	[Search] Search Playground - shared rendering (#201302)	2024-12-05 15:09:51 -06:00
Dario Gieselaar	63da7701e7	[Streams] App plugin (#200060) ... Creates the Streams app plugin, which renders UI for managing streams (see https://github.com/elastic/kibana/pull/198713). Additional changes in this PR: - The menus were updated to conditionally add a link to the Streams app. The Streams plugin itself returns a status$ observable which signals if Streams have been enabled. This value is used to conditionally render the link in the various flavors of menus. - There's a small change in the ES types to allow for ordered params in ES|QL (vs named params) - `@kbn/server-route-repository` was updated to be able to override `access` (instead of only inferring it from the endpoint name). Additionally, we now allow all route options by default. - `@kbn/typed-react-router-config` now also exports a `useBreadcrumbs`. This was copied over from the APM implementation. - the signature of the `esql` method in `ObservabilityElasticsearchClient` was updated to separate processing options from options that are sent over to the _query endpoint. --------- Co-authored-by: Chris Cowan <chris@elastic.co> Co-authored-by: Joe Reuter <johannes.reuter@elastic.co> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-11-25 14:51:24 +01:00
Ievgen Sorokopud	a627e011a8	[Rules migration][UI] Basic rule migrations UI (#10820) (#200978) ... ## Summary [Internal link](https://github.com/elastic/security-team/issues/10820) to the feature details This is a very first version of the SIEM rules migrations UI functionality. The main goal is to setup and agree on a folder structure where the feature gonna live. Tests covering feature will follow in a separate PR (see [internal link](https://github.com/elastic/security-team/issues/11232) for more details). The code follows the structure of prebuilt rules feature https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table and hidden behind `siemMigrationsEnabled` feature flag. ### Key UI changes * New "SIEM Rules Migrations." rules management sub-page * Navigation between different "finished" migrations * InMemory table with all the translations within the selected migration * Translation details preview flyout with `Translation` and `Overview` tabs * User cannot modify translations via UI ### Testing locally Enable the flag ``` xpack.securitySolution.enableExperimental: ['siemMigrationsEnabled'] ``` ### Screenshot https://github.com/user-attachments/assets/a5a7e777-c5f8-40b4-be1d-1bd07a2729ac	2024-11-22 15:48:14 +01:00
Gerard Soldevila	b24fdf5d3f	Sustainable Kibana Architecture: Categorise straightforward packages (#199630) ... ## Summary This PR is part of the Kibana Sustainable Architecture effort. The goal is to start categorising Kibana packages into _generic platform_ (`group: "platform"`) vs _solution-specific_. ``` group?: 'search' | 'security' | 'observability' | 'platform' visibility?: 'private' | 'shared' ``` Uncategorised modules are considered to be `group: 'common', visibility: 'shared'` by default. We want to prevent code from solution A to depend on code from solution B. Thus, the rules are pretty simple: * Modules can only depend on: * Modules in the same group * OR modules with 'shared' visibility * Modules in `'observability', 'security', 'search'` groups are mandatorily `visibility: "private"`. Long term, the goal is to re-organise packages into dedicated folders, e.g.: ``` x-pack/platform/plugins/private x-pack/observability/packages ``` For this first wave, we have categorised packages that seem "straightforward": * Any packages that have: * at least one dependant module * all dependants belong to the same group * Categorise all Core packages: * `@kbn/core-...-internal` => _platform/private_ * everything else => _platform/shared_ * Categorise as _platform/shared_ those packages that: * Have at least one dependant in the _platform_ group. * Don't have any `devOnly: true` dependants. ### What we ask from you, as CODEOWNERS of the _package manifests_, is that you confirm that the categorisation is correct: * `group: "platform", visibility: "private"` if it's a package that should only be used from platform code, not from any solution code. It will be loaded systematically in all serverless flavors, but solution plugins and packages won't be able to `import` from it. * `group: "platform", visibility: "shared"` if it's a package that can be consumed by both platform and solutions code. It will be loaded systematically in all serverless flavors, and anybody can import / use code from it. * `group: "observability" | "security" | "search", visibility: "private"` if it's a package that is intented to be used exclusively from a given solution. It won't be accessible nor loaded from other solutions nor platform code. Please refer to [#kibana-sustainable-architecture](https://elastic.slack.com/archives/C07TCKTA22E) for any related questions. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-11-22 10:33:25 +01:00
José Luis González	d14c03e22d	[Search][ES3][Coming soon pages] Connectors and Web crawlers coming soon pages (#199284) ... ## Summary This PR exposes upcoming Elastic managed connectors and Elastic managed web crawlers in 2 different coming soon pages. From the connectors journey, the initial empty state will perform as a shuttler to let users choose between Self-managed and Elastic managed approaches. The self-managed CTA button will take us to the current connectors creation flow in ES3. The secondary CTA will take us to the Elastic managed coming soon page. Once users would have any connector created the initial connectors empty state will go away. But we will let users come back to the Elastic managed connector coming soon page showing a Callout on top of the connectors list. From the Web crawlers journey, the initial empty state let us choose also between Self-managed and Elastic managed web crawlers approaches. The first one will take us to the Open web crawler repo and the second CTA button will take us to the Elastic managed web crawler coming soon page.  ### Tasks - [x] Modify current connectors empty state to become the landing to go for Self-managed or Elastic managed connectors - [x] Create the Elastic managed connectors coming soon page - [x] Create the Web crawlers empty state page - [x] Create the Elastic managed Web crawlers coming soon page - [x] Add the Web crawlers navigation entry point - [x] Add a Callout when listing existing connectors to take users to the Elastic managed coming soon page. - [x] Callout issue 1: Clicking Callout CTA button doesn't take us to that page, it looks like a React router issue. - [x] Callout issue 2: Handle the dismissible state persistency - [ ] Validate that we can capture required telemetry ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) ### Risk Matrix Delete this section if it is not applicable to this PR. Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release. When forming the risk matrix, consider some of the following examples and how they may potentially impact the change: | Risk | Probability | Severity | Mitigation/Notes | |---------------------------|-------------|----------|-------------------------| | Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. | | Multiple nodes&mdash;Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. | | Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. | | [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) | ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-11-19 13:20:00 +01:00
Rodney Norris	e03e59b6d4	[ES3][Search] Create Index Page (#199402) ... ## Summary This PR introduces a Create Index page for the serverless search solution. This page is almost identical to the new Global Empty State, but is navigated to via the Create Index button in Index Management. The index details redirect logic is also slightly different on the Create Index page, it will only redirect when the "code" view is open and a new index is created. instead of redirecting from both UI and Code view like the Global Empty State page does. With the addition of this page we are also removing the "Home" link from the serverless search side nav to reduce confusion when the global empty start redirects to index management when indices exist. There is also some minor clean-up to ensure both the global empty state and the new create index pages have proper document titles and breadcrumbs. ### Screenshots Updates to Global Empty State:  Create Index Page: <img width="1320" alt="image" src="https://github.com/user-attachments/assets/0d095eb6-fda3-4783-83ab-20449b5b31f1"> ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>	2024-11-11 13:24:32 -06:00
Rodney Norris	c4301d080b	[Search] Refactor: abstracting classic nav items (#196579) ... ## Summary Moved the base set of sidenav items from being statically defined in useEnterpriseSearchNav to using a function that can be shared with the plugin. Additionally wrapped this generation in a `useMemo` to improve performance. This will support the ability to share the classic navigation items for Search to other plugins so that they can render their own UIs without sharing components with enterprise_search just to have access to the side nav defined by enterprise_search. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>	2024-10-30 09:39:42 -05:00
Rodney Norris	a124493b8c	[Search][Fix] Inference Endpoints deep link & Side Nav access (#197461)	2024-10-23 18:44:23 -05:00
Mykola Harmash	db574f4cd5	[Onboarding] Remove System Logs onboarding flow (#196132) ... Closes https://github.com/elastic/kibana/issues/192815 Removes the legacy System Logs onboarding flow as it now has been replaced by the Auto-Detect flow.	2024-10-17 14:41:10 +02:00
Tiago Vila Verde	58b2c6ebde	[Entity Store] Enablement UI (#196076) ... ### Entity store enablement UI This PR adds a UI to enable the Entity Store. ### How to test 1. Enable `entityStoreEnabled` experimental feature flag 2. Navigate to `Security > Dashboards > Entity Analytics` 3. Work through the distinct flows to enable the store * For example, choose to enable risk score together with the store 4. Navigate to `Security > Manage > Entity Store` to start/stop the store 5. Validate that the appropriate transforms and pipelines have been initialized and have the correct status (for example, via the Stack Management UI) EDIT: Enablement flow screenshots: #### Enable both risk score and entity store  #### Enable Risk score only (Entity store already enabled)  #### Modal to choose what to enable  #### New Entity Store management page  --------- Co-authored-by: jaredburgettelastic <jared.burgett@elastic.co> Co-authored-by: machadoum <pablo.nevesmachado@elastic.co> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Mark Hopkin <mark.hopkin@elastic.co> Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>	2024-10-15 10:42:39 -05:00
Abdul Wahab Zahid	fed9a19386	Remember tab choice between logs explorer and discover (#194930) ... Closes #193321 ## Summary The PR adds the redirection point when "Discover" menu item is clicked on the sidenav in serverless (or solution nav on stateful). Based on what tab between "Discover" or "Logs Explorer" the user clicked recently, "Discover" will point to that app/tab. Previously, "Discover" would always point to "Logs Explorer" on serverless and to "Discover" on stateful. In order to implement this, a temporary app `last-used-logs-viewer` is registered in `observability-logs-explorer` plugin whose only job is to read the last stored value in local storage and perform the redirection. Doing the redirection from a temporary app should help prevent triggering unnecessary telemetry and history entries. And it should be fairly easy to undo once context aware redirection is in place. ~With this implementation, only the behavior of user clicking "Discover" on the sidenav and clicking the tabs is affected and any deeplinks from other apps or direct links should work as is.~ The tab choice will be updated even if the apps are visited via url. https://github.com/user-attachments/assets/8a0308db-9ddb-47b6-b1a5-8ed70662040d --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-10-14 11:26:24 +02:00
Rodney Norris	d573915dd3	[Search][Onboarding] Default home to Global Empty State (#195142) ... ## Summary Updated the ES3 (Serverless Search) default home route to be the global empty state, when `search_indices` is enabled. Moved the getting started page, the current homepage, from `/app/elasticsearch` to `/app/elasticsearch/getting_started` This required adding a redirect for `/app/elasticsearch` to `/app/elasticsearch/start`. After we enabled `search_indices` by default for ES3, we can remove the conditional logic added by this PR. ### Screenshots ES3 Home With search indices config FF enabled  ES3 Home with search indices config FF disabled  ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed	2024-10-08 09:29:59 -05:00
Achyut Jhunjhunwala	0d19367fdf	[Dataset Quality] Implement _ignored root cause identification flow (#192370) ... ## Summary Closes - https://github.com/elastic/kibana/issues/192471 Closes - https://github.com/elastic/kibana/issues/191055 The PR adds Flyout to the Degraded Fields inside the Dataset Quality Details page where the Root Cause of the Degraded Field is diagnosed. ## Pending Items - [x] API Tests for 1 new and 2 old API modifications - [x] E2E Tests for the Flyout ## How to test this NOTE (Below guide is for Stateful, you can do the same for serverless) - Checkout the PR using - `gh pr checkout 192370` 1. Start the FTR server using the command below ``` yarn test:ftr:server --config ./x-pack/test/functional/apps/dataset_quality/config.ts ``` 2. Go to the following path - `x-pack/test/functional/apps/dataset_quality/degraded_field_flyout.ts` 3. Comment out the 2 `after` blocks present at Line - 54-56 and 414-416 4. Run the FTR runner using the command below ``` yarn test:ftr:runner --config ./x-pack/test/functional/apps/dataset_quality/config.ts --include ./x-pack/test/functional/apps/dataset_quality/degraded_field_flyout.ts ``` Let the test run and go green 5. Navigate to `http://localhost:5620/app/management/data/data_quality/` username - `test_user` and password - `changeme` 6. Select the `degraded.dataset.rca` dataset You will have an environment ready to test the flyout different scenarios ## Demo ## Field Limit and Ignore above isse  ## Warning about not current quality issue  ## Blocker There is an Elasticsearch issue on Serverless, which becomes a blocker for merging this PR https://github.com/elastic/elasticsearch-serverless/issues/2815	2024-10-04 09:41:55 +02:00
Philippe Oberti	39ac875b76	[Security Solution][Notes] - move notes management page under manage section instead of timeline (#194250)	2024-10-01 13:30:47 -05:00
Melissa Alvarez	e5600b18b1	[ML] Anomaly Detection supplied configurations: adds page in ML UI for Supplied configurations (ML Modules) (#191564) ... ## Summary This PR adds a page in the UI for 'Supplied configurations' Dependent on this fix to the endpoint schema going in first: https://github.com/elastic/kibana/pull/191633 NOTE: This item will be added to the side-nav of oblt serverless once this update is in: https://github.com/elastic/kibana/issues/190458 Adds dedicated UI page for preconfigured job packages - subitem of the Anomaly Detection navigation: <img width="1721" alt="image" src="https://github.com/user-attachments/assets/194bbf44-aa7c-4afa-94e3-587fb9e5f601"> When they can't be run in the ML UI: <img width="1467" alt="image" src="https://github.com/user-attachments/assets/487463e8-7520-48de-8806-1d45a82e452e"> When selected - flyout opens to reveal package assets: <img width="1098" alt="image" src="https://github.com/user-attachments/assets/a648a6d8-df79-4bb3-a797-61f02e246c9b"> Clicking the `Run data recognizer` button shows matching data views (if any) with link to job creation: <img width="1099" alt="image" src="https://github.com/user-attachments/assets/05e9f7f7-e41f-486d-ba41-84cacf534cd0"> Empty table when no matching dataviews are found: <img width="999" alt="image" src="https://github.com/user-attachments/assets/d8bbf3be-7035-4e2f-956e-83dfbc26b247"> Jobs tab of flyout: <img width="1102" alt="image" src="https://github.com/user-attachments/assets/e94efb2e-1f21-4883-aa2b-2c42db5be970"> kibana tab of flyout: <img width="1100" alt="image" src="https://github.com/user-attachments/assets/0021a527-8d9d-4e06-9fae-d832015f7f7d"> ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>	2024-09-12 10:30:09 -06:00
Dario Gieselaar	98aa1ab769	[Inventory] Inventory plugin (#191798) ... ## Description This PR adds an inventory plugin, which renders an inventory UI. Currently only data streams are rendered. This is part of the LogsAI initiative - basically we need a UI for tasks like structuring data, extracting entities, listing the results etc. This is mostly POC-level stuff. Eventually some of this code might be handed over to ECO but let's cross that bridge when we get to it. ## Notes for reviewers: @elastic/appex-ai-infra @elastic/security-generative-ai: added a `truncateList` utility function that takes the first n elements of an array and appends a `{l-n} more` string value if there are more values than n. Really simple but I expect will also be very often used because we cannot send a huge amount of items to the LLM. @elastic/kibana-core @elastic/kibana-operations: just boiler plate stuff for adding a new plugin (and thank you for enabling us to run `quick_checks` locally! @elastic/obs-knowledge-team: added support for streaming using an Observable. @elastic/obs-ux-management-team: added links to the Inventory UI in the Observability plugin @elastic/obs-entities: I've added an entity manager client to be able to fetch entity definitions on the server. Maybe there's a better way? LMK. @elastic/obs-ux-logs-team: added a deeplink to the Inventory UI. I've also moved CODEOWNERS for this package to @elastic/obs-ux-management-team as they own the Observability plugin where this is mostly used. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-09-12 15:07:09 +02:00
Luke Elmers	b6287708f6	Adds AGPL 3.0 license (#192025) ... Updates files outside of x-pack to be triple-licensed under Elastic License 2.0, AGPL 3.0, or SSPL 1.0.	2024-09-06 19:02:41 -06:00
Achyut Jhunjhunwala	0be5efd71b	[Dataset Quality] Create the basic degraded fields flyout (#191597) ... ## Summary Closes - https://github.com/elastic/kibana/issues/190328 Delivered as part of this PR - [x] Added a new Degraded Field Flyout with a basic List of data point for the degraded Field - [x] A new endpoint to display possible values. This endpoint will query to get the latest values, maximum 4 - [x] URL supports Flyout state - [x] API Tests for the new endpoint - [x] E2E tests for the flyout ## Screenshot <img width="1903" alt="image" src="https://github.com/user-attachments/assets/9bc20d15-d52b-4d1e-827f-ab1444e27128"> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-09-03 12:25:09 -05:00
Achyut Jhunjhunwala	8431033910	[Dataset Quality]Migrate telemetry tests and remove flyout code (#190584) ... ## Summary closes https://github.com/elastic/kibana/issues/184572 After the merge of the 1st [PR](https://github.com/elastic/kibana/pull/189532) around Flyout migration, this PR covers the remaining bits. - [x] Adding same telemetry to the page which was present in the flyout - [x] Create a Locator and use it in the Table to connect the main page with Details page - [x] Update locator in Unified Doc Viewer - [x] Migrate all kind of tests which were present for flyout to the page - [x] Remove everything which was once called Dataset Quality Flyout. - [x] Make build green - Yellow is also acceptable --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-08-27 04:12:53 -05:00
Kevin Delemme	aa67c800ce	chore(investigate): Add investigate-app plugin from poc (#188122)	2024-07-23 11:44:32 -04:00
Saikat Sarkar	ff651f20d2	[Inference Endpoints View] Deletion, search and filtering of inference endpoints (#186206) ... This PR consists of the following changes: - An option to delete an existing inference endpoint - Filtering the endpoints based on 'provider' and 'type' - Search option - Display the trained models deployment status - Display additional 3rd party providers (Mistral, Azure OpenAI, Azure AI Studio) - Add licensing for gating enterprise licensed users ### Stack Management  ### Serverless  --------- Co-authored-by: Liam Thompson <32779855+leemthompo@users.noreply.github.com>	2024-07-09 08:42:52 -06:00
Achyut Jhunjhunwala	2e8ca07ced	[Logs Explorer] Add logic to render degraded fields table in Logs Flyout (#186287) ... ## Summary Closes - https://github.com/elastic/kibana/issues/172272 The PR adds the degraded Field Table in the Logs Flyout. The accordion is kept closed by default. For demo purposes below screenshot will show it expanded This PR will also fix a very simply Flaky Test - https://github.com/elastic/kibana/issues/186244 ## Pending Items - [x] Add Locator for Dataset Quality Page - [x] Add tests ## Demo  --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-07-09 12:27:45 +02:00
Felix Stürmer	c3c4dca289	[Logs UI] Fix fly-out link to the legacy Uptime app (#186328)	2024-07-04 18:28:25 +02:00
Rodney Norris	74c4d3a85e	[Search] Homepage Plugin setup (#186224) ... ## Summary Introducing the `search_homepage` plugin along with integration into `enterprise_search` and `serverless_search` behind a feature flag. This will allow implementing the feature gated behind the feature flag. To test these changes you can enable the feature flag with the Kibana Dev Console using the following command: ``` POST kbn:/internal/kibana/settings/searchHomepage:homepageEnabled {"value": true} ``` You can then disable the feature flag with the following command: ``` DELETE kbn:/internal/kibana/settings/searchHomepage:homepageEnabled ``` ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-06-19 12:47:18 +02:00
Philippe Oberti	072cad1ab8	[Security Solution][Notes] - add feature flag, new expandable flyout tab and manage entry (#186299)	2024-06-18 17:39:06 -05:00
Saikat Sarkar	db425e3f4f	Add inference endpoints management page (#184614) ... ## Description In this PR, we implemented a view for managing inference endpoints. The changes include the following items for both **Serverless** and **Stack**. - A blank page will be displayed if no inference endpoints are available. - A page displaying a list of inference endpoints. The user can view various details about each endpoint, such as the endpoint itself, the provider, and the type. The table supports pagination and sorting. - Users can add a new inference endpoint using Elasticsearch models and third-party APIs, including Hugging Face, Cohere, and OpenAI. To keep the changes in this PR manageable, the following items are **out of scope** but will be added in subsequent PRs - Option to delete an inference endpoint - Filtering and Search bar - Information about allocations, thread. - Icons for **Provider** - Deployment status of underlying trained models ## Empty page in Stack Management e2064ee8-3623-457f-8a04-19603e97e815 ## Page with all inference endpoints in Stack Management 89bec450-1569-4425-b013-5058b577b95a ## Inference Endpoints Management in Serverless bd8b6b71-0e09-49f4-aa9a-19338a1da225 --------- Co-authored-by: Liam Thompson <32779855+leemthompo@users.noreply.github.com> Co-authored-by: István Zoltán Szabó <istvan.szabo@elastic.co> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-06-13 10:00:33 -07:00
Sander Philipse	95eb12cc45	[Search] Renaming the search frontend group (#184565) ... ## Summary This renames the enterprise-search-frontend group to search-kibana to better align with what our group actually does.	2024-06-03 13:14:49 -07:00
Justin Kambic	90d1dc5d0f	[Observability Onboarding] Update Add data links to use improved deep linking (#184164) ... ## Summary Resolves #179543. This patch will update the deep linking used by `Add data` links throughout Observability to pre-select the proper experience when navigating. This will streamline the process for users to help them more quickly ingest the data they need, allowing them to get value out of solution pages with fewer clicks. The changes (from the parent issue): - [x] Allow o11y Onboarding Locator to take query params 4a024a09c7 - [x] 'Add data' on the top right of Logs Explorer page should link to the new Add data UX where the use case 'collect and analyze logs' is pre-selected. 1cef1c68d5 - [x] 'Add data' on the top right of Logs -> Stream page should link to the new Add data UX where the use case 'collect and analyze logs' is pre-selected. 75615b34dd - [x] 'Add data' on the top right of Logs -> Anomalies page should link to the new Add data UX where the use case 'collect and analyze logs' is pre-selected. 75615b34dd - [x] 'Add data' on the top right of Logs -> Categories page should link to the new Add data UX where the use case 'collect and analyze logs' is pre-selected. 75615b34dd - [x] 'Add data' on the top right of Infrastructure -> Inventory page should link to the new Add data UX where the use case 'monitor infrastructure' is pre-selected. 07fac0f8b5 - [x] 'Add data' on the top right of Infrastructure -> Metrics Explorer page should link to the new Add data UX where the use case 'monitor infrastructure' is pre-selected. 07fac0f8b5 - [x] 'Add data' on the top right of Infrastructure -> Hosts page should link to the new Add data UX where the use case 'monitor infrastructure' is pre-selected. 07fac0f8b5 ### Demo  --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-05-29 16:17:24 -04:00
Yngrid Coello	d39739ee85	[Dataset quality] Move page to stack management > Data (#184122) ... Relates to https://github.com/elastic/kibana/issues/183406. ## 📝 Summary This PR creates a new plugin `data_quality` in order to register dataset quality as a Stack management page under data section. For now there is no reference to this new page in the sideNav in stateful or serverless. In order to navigate to this new page you can use the url `/app/management/data/data_quality` Changes included in this PR: - New plugin created - Plugin registered in stack management, data section - Dataset quality plugin is instantiated and the state is in sync with URL - Removed references to dataset quality in Logs explorer ## 🎥 Demo 501c9c47-4a1b-4f91-9be6-d022a821e88e ## 🙅🏼 Missing - Dataset quality locator - There are still references to logs explorer (table and flyout) that will be handled in a follow up PR. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-05-29 07:06:43 -07:00
Andrew Macri	a05355713e	[Security Solution] [Attack discovery] Attack discovery (#181818) ... ## [Security Solution] [Attack discovery] Attack discovery ### Summary This PR renames the _Attack discovery_ Security Solution feature from its original name, [AI Insights](https://github.com/elastic/kibana/pull/180611).  _Above: Attack discovery in the Security Solution_ Attack discovery uses AI to identify active attacks in the environment, without the time (or prior experience) required to manually investigate individual alerts in Elastic Security, identify if they are related, and document the identified attack progression. While users can ask the Assistant to find these progressions today, Attack discovery is a dedicated UI to identify these progressions and action them accordingly. This feature adds a new page, `Attack discovery`, to the Security Solution's global navigation. Attack discoveries are generated from Large Language Models (LLMs) to identify attack progressions in alert data, and to correlate and identify related entities and events. When possible, attack progressions are attributed to threat actors. ### Details Users may generate attack discoveries from a variety of LLMs, configured via [Connectors](https://www.elastic.co/guide/en/kibana/master/action-types.html):  _Above: LLM selection via the connectors popup menu_ Clicking on the title of an attack discovery toggles the discovery between the collapsed and expanded state:  _Above: Collapsing / expanding an attack discovery (animated gif)_ The first three discoveries displayed on the Attack discoveries page are expanded by default. Any additional discoveries that appear after the first three must be expanded manually. Attack discoveries provide a summary of the entities impacted by an attack. Clicking on an entity, i.e. a hostname or username, displays the entity flyout with the entity's risk summary:  _Above: Clicking on a host in the summary of the attack discovery reveals the host risk summary (animated gif)_ Hover over fields in the discovery's summary or details to reveal pivot actions for investigations:  _Above: Hovering over fields in the details of an attack discovery reveals pivot actions (animated gif)_ Attack discoveries are generated from alerts provided as context to the selected LLM. The alert data provided to the LLM is anonymized automatically. Anonymization is [configured](https://www.elastic.co/guide/en/security/current/security-assistant.html#ai-assistant-anonymization) via the same anonymization settings as the Assistant. Users may override the defaults to allow or deny specific alert fields, and to toggle anonymization on or off for specific fields. Click the Anonymization toggle to show or hide the actual values sent to the LLM:  _Above: Toggling anonymization to reveal the actual values sent to the LLM (animated gif)_ ### Empty prompt At the start of a session, or when a user selects a connector that doesn't (yet) have any attack discoveries, an [empty prompt](https://eui.elastic.co/#/display/empty-prompt) is displayed. The animated counter in the empty prompt counts up until it displays the maximum number of alerts that will be sent to the LLM:  _Above: An animated counter displays the maximum number of alerts that will be sent to the LLM (animiated gif)_ The _Settings_ section of this PR details how users configure the number of alerts sent to the LLM. The animated counter in the empty prompt immediately re-animates to the newly-selected number when the setting is updated. ### Take action workflows The _Take action_ popover displays the following actions: - `Add to new case` - `Add to existing case` - `View in AI Assistant`  _Above: The Take action popover_ #### Add to new case Clicking the `Add to new` case action displays the `Create case` flyout.  _Above: The `Add to new case` workflow_ An `Alerts were added to <case name>` toast is displayed when the case is created:  _Above: Case creation toast_ A markdown representation of the attack discovery is added to the case:  _Above: A markdown representation of an attack discovery in a case_ The alerts correlated to generate the discovery are attached to the case:  _Above: Attack discovery alerts attached to a case_ #### Add to existing case Clicking the `Add to existing case` action displays the `Select case` popover.  _Above: The `Select case` popover_ When users select an existing case, a markdown representation of the attack discovery, and the alerts correlated to generate the discovery are attached to the case, as described above in the _Add to new case_ section. #### View in AI Assistant The `View in AI Assistant` action in the `Take action` popover, and two additional `View in AI Assistant` affordances that appear in each discovery have the same behavior: Clicking `View in AI Assistant` opens the assistant and adds the attack discovery as context to the current conversation.  _Above: An attack discovery added as context to the current conversation_ Clicking on the attack discovery in the assistant expands it to reveal a preview of the discovery.  _Above: An expanded attack discovery preview in the assistant_ The expanded attack discovery preview reveals the number of anonymzied fields from the discovery that were made available to the conversation. This feature ensures discoveries are added to a conversation with the anonymized field values. An attack discovery viewed in the AI assistant doesn't become part of the conversation until the user submits it by asking a question, e.g. `How do I remediate this?`. Attack discoveries provided as context to a conversation are formatted as markdown when sent to the LLM:  _Above: Attack discoveries provided as context to a conversation are formatted as markdown_ Users may toggle anonymization in the conversation to reveal the original field values.  _Above: Revealing the original field values of an attack discovery added as markdown to a conversation (animated gif)_ #### Alerts tab The _Alerts_ tab displays the alerts correlated to generate the discovery.  _Above: The alerts correlated to generate the attack discovery in the Alerts tab_ The `View details`, `Investigate in timeline`, and overflow row-level alert actions displayed in the Alerts tab are the same actions available on the Cases's page's Alerts tab:  _Above: Row-level actions are the same as the Cases pages Alert's tab_ #### Investigate in Timeline Click an attack discovery's `Investigate in Timeline` button to begin an investigation of an discovery's alerts in Timeline. Alert IDs are queried via the `Alert Ids` filter:  _Above: Clicking Investigate in Timeline (animated gif)_ The alerts from the attack discovery are explained via row renderers in Timeline:  _Above: Row rendered attack discovery alerts in Timeline_ ### Attack Chain When alerts are indicative of attack [tactics](https://attack.mitre.org/tactics/enterprise/), those tactics are displayed in the discovery's _Attack Chain_ section:  _Above: An attack discovery with tactics in the Attack chain_ The Attack Chain section will be hidden if an attack discovery is not indicative of specific tactics. ### Mini attack chain Every attack discovery includes a mini attack chain that visually summarizes the tactics in a discovery. Hovering over the mini attack chain reveals a tooltip with the details:  _Above: The mini attack chain tooltip_ ### Storage The latest attack discoveries generated for each connector are cached in the browser's session storage in the following key: ``` elasticAssistantDefault.attackDiscovery.default.cachedAttackDiscoveries ``` Caching attack discoveries in session storage makes it possible to immediately display the latest when users return to the Attack discoveries page from other pages in the security solution (e.g. Cases).  _Above: Cached attack discoveries from session storage are immediately displayed when users navigate back to Attack discoveries (animated gif)_ While waiting for a connector to generate results, users may view the cached results from other connectors. Cached attack discoveries are immediately available, even after a full page refresh, as long as the browser session is still active. ### `Approximate time remaining` / `Above average time` counters Some LLMs may take seconds, or even minutes to generate attack discoveries. To help users anticipate the time it might take to generate new discoveries, the page displays a `Approximate time remaining: mm:ss` countdown timer that counts down to zero from the average time it takes to generate discoveries for the selected LLM:  _Above: The `Approximate time remaining: mm:ss` countdown counter (animated gif)_ If the LLM doesn't generate attack discoveries before the counter reaches zero, the text will change from `Approximate time remaining: mm:ss` to `Above average time: mm:ss`, and start counting up from `00:00` until the attack discoveries are generated:  _Above: The `Above average time: mm:ss` counter (animated gif)_ The first time attack discoveries are generated for a model, the `Approximate time remaining: mm:ss` counter is not displayed. Average time is calculated over the last 5 generations on the selected connector. This is illustrated by clicking on the (?) information icon next to the timer. The popover displays the average time, and the time in seconds for the last 5 runs:  _Above: Clicking on the (?) information icon displays the average time, and the duration / datetimes for the last 5 generations_ The time and duration of the last 5 generations (for each connector) are persisted in the browser's local storage in the following key: ``` elasticAssistantDefault.attackDiscovery.default.generationIntervals ``` ### Errors When attack discovery generation fails, an error toaster is displayed to explain the failure:  _Above: An error toast explains why attack discovery generation failed_ ### Feature flag The `attackDiscoveryEnabled` feature flag must be enabled to view the `Attack discovery` link in the Security Solution's global navigation. Add the `attackDiscoveryEnabled` feature flag to the `xpack.securitySolution.enableExperimental` setting in `config/kibana.yml` (or `config/kibana.dev.yml` in local development environments), per the example below: ``` xpack.securitySolution.enableExperimental: ['attackDiscoveryEnabled'] ``` ### Settings The number of alerts sent as context to the LLM is configured by `Knowledge Base` > `Alerts` slider in the screenshot below:  - The slider has a range of `10` - `100` alerts (default: `20`) Up to `n` alerts (as determined by the slider) that meet the following criteria will be returned: - The `kibana.alert.workflow_status` must be `open` - The alert must have been generated in the last `24 hours` - The alert must NOT be a `kibana.alert.building_block_type` alert - The `n` alerts are ordered by `kibana.alert.risk_score`, to prioritize the riskiest alerts ### License An Enterprise license is required to use Attack discovery. The following empty view is displayed for users who don't have an Enterprise license:  ## How it works - Users navigate to the Attack discovery page: `x-pack/plugins/security_solution/public/attack_discovery/pages/index.tsx` - When users click the `Generate` button(s) on the Attack discovery page, attack discoveries are fetched via the `useAttackDiscovery` hook in `x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/index.tsx`. - The `fetchAttackDiscoveries` function makes an http `POST` request is made to the `/internal/elastic_assistant/attack_discovery` route. Requests include the following parameters: - `actionTypeId`, determines temperature and other connector-specific request parameters - `alertsIndexPattern`, the alerts index for the current Kibana Space, e.g. `.alerts-security.alerts-default` - `anonymizationFields`, the user's `Allowed` and (when applicable `Anonymized` ) fields in the `Anonymization` settings, e.g. `["@timestamp", "cloud.availability_zone", "file.name", "user.name", ...]` - `connectorId`, id of the connector to generate the attack discoveries - `size`, the maximum number of alerts to generate attack discoveries from. This numeric value is set by the slider in the user's `Knowledge Base > Alerts` setting, e.g. `20` - `replacements`, an optional `Record<string, string>` collection of replacements that's always empty in the current implementation. When non-empty, this collection enables new attack discoveries to be generated using existing replacements. ```json "replacements": { "e4f935c0-5a80-47b2-ac7f-816610790364": "Host-itk8qh4tjm", "cf61f946-d643-4b15-899f-6ffe3fd36097": "rpwmjvuuia", "7f80b092-fb1a-48a2-a634-3abc61b32157": "6astve9g6s", "f979c0d5-db1b-4506-b425-500821d00813": "Host-odqbow6tmc", // ... }, ``` - The `postAttackDiscoveryRoute` function in `x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.ts` handles the request. - The inputs and outputs to/from this route are defined by the [OpenAPI](https://spec.openapis.org/oas/v3.1.0) schema in `x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.schema.yaml`. ``` node scripts/generate_openapi --rootDir ./x-pack/packages/kbn-elastic-assistant-common ``` - The `postAttackDiscoveryRoute` route handler function in `x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.ts` invokes the `attack-discovery` tool, defined in `x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/attack_discovery_tool.ts`. The `attack-discovery` tool is registered by the Security Solution. Note: The `attack-discovery` tool is only used by the attack discovery page. It is not used to generate new attack discoveries from the context of an assistant conversation, but that feature could be enabled in a future release. - The `attack-discovery` tool uses a LangChain `OutputFixingParser` to create a [prompt sandwich](https://www.elastic.co/blog/crafting-prompt-sandwiches-generative-ai) with the following parts: ``` ______________________________________________________ / \ | Attack discovery JSON formatting instructions | (1) \ _____________________________________________________/ +-----------------------------------------------------+ | Attack discovery prompt | (2) +-----------------------------------------------------+ / \ | Anonymized Alerts | (3) \_____________________________________________________/ ``` - The `Attack discovery JSON formatting instructions` in section `(1)` of the prompt sandwich are defined in the `getOutputParser()` function in `x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_output_parser.ts`. This function creates a LangChain `StructuredOutputParser` from a Zod schema. This parser validates responses from the LLM to ensure they are formatted as JSON representing an attack discovery. - The `Attack discovery prompt` in section `(2)` of the prompt sandwich is defined in the `getAttackDiscoveryPrompt()` function in `x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_attack_discovery_prompt.ts`. This part of the prompt sandwich includes instructions for correlating alerts, and additional instructions to the LLM for formatting JSON. - The `Anonymized Alerts` in section `(3)` of the prompt sandwich are returned by the `getAnonymizedAlerts()` function in `x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_anonymized_alerts.ts`. The allow lists configured by the user determine which alert fields will be included and anonymized. - The `postAttackDiscoveryRoute` route handler returns the attack discoveries generated by the `attack-discovery` tool to the client (browser). - Attack discoveries are rendered in the browser via the `AttackDiscoveryPanel` component in `x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/index.tsx` - The `AttackDiscoveryTab` tab in `x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx` includes the _Summary_ and _Details_ section of the attack discovery. - The `AttackDiscoveryMarkdownFormatter` in `x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/index.tsx` renders hover actions on entities (like hostnames and usernames) and other fields in the attack discovery. - The `AttackDiscoveryPanel` component makes use of the `useAssistantOverlay` hook in `x-pack/packages/kbn-elastic-assistant/impl/assistant/use_assistant_overlay/index.tsx` to register the attack discovery as context with the assistant. This registration process makes it possible to view discoveries in the assistant, and ask questions like "How do I remediate this?". In this feature, the `useAssistantOverlay` hook was enhanced to accept anonymizaton replacements. This enables an assistant conversation to (re)use replacements originally generated for an attack discovery.	2024-04-26 14:43:12 -04:00
Samiul Monir	41fd6432be	[Serverless] Playground in Serverless (#181474) ... ## Summary This PR: - Integrate Playground into Serverless - Redesign of Navigation Menu - Refactor Playground docs ## UI changes: ### Playground in Serverless  ### Playground with docs and indices  ### Playground in action  ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-04-26 14:12:51 -04:00
Abdul Wahab Zahid	707ec552d9	[Dataset quality] Pass breakdown field over to logs explorer from degraded docs chart (#181509) ... ## Summary The PR adds the `breakdownField` param in `LogsExplorerNavigationParams` so that when "Explorer data in Logs Explorer" is clicked on Degraded Docs chart on Dataset Quality flyout while the chart has a breakdown field selected, the field is passed over to Logs Explorer. b380ac85-e40e-451b-983f-41c68f87ed7b	2024-04-24 15:27:08 +02:00
Joe McElroy	019dd79096	[Search] [Playground] SideNav: move playground to build (#181087) ... Update Search nav to build and move playground from content to build  update the kibana side nav to feature Playground. This routes from application to playground.  --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>	2024-04-22 16:07:35 +01:00
Patryk Kopyciński	b53624d472	Add Security AI assistant settings to the Stack management (#176656) ... ## Summary <img width="3005" alt="Zrzut ekranu 2024-04-2 o 22 58 37" src="f7814891-d018-45e6-96a2-3da3321d56fd"> <img width="3006" alt="Zrzut ekranu 2024-04-2 o 22 58 45" src="a1ec8d96-b48e-4f57-9a6c-3f1823d164f1"> <img width="3007" alt="Zrzut ekranu 2024-04-2 o 22 58 54" src="f67fc0f0-b28c-40c8-8b25-5a180c115610"> <img width="3005" alt="Zrzut ekranu 2024-04-2 o 23 38 32" src="e79631ea-c87c-4dd1-8fe6-c5d257cf2fe7"> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Garrett Spong <spong@users.noreply.github.com> Co-authored-by: Garrett Spong <garrett.spong@elastic.co> Co-authored-by: Tomasz Ciecierski <tomasz.ciecierski@elastic.co>	2024-04-16 12:15:11 -07:00
Andrew Macri	32f43bf7e3	[Security Solution] [AI Insights] AI Insights (#180611) ... ## [Security Solution] [AI Insights] AI Insights ### Summary This PR introduces _AI Insights_ to the Security Solution:  _Above: AI Insights in the Security Solution_ AI Insights identify active attacks in the environment, without the time (or prior experience) required to manually investigate individual alerts in Elastic Security, identify if they are related, and document the identified attack progression. While users can ask the Assistant to find these progressions today, AI Insights is a dedicated UI to identify these progressions and action them accordingly. This feature adds a new page, `AI Insights`, to the Security Solution's global navigation. AI Insights are generated from Large Language Models (LLMs) to identify attack progressions in alert data, and to correlate and identify related entities and events. When possible, attack progressions are attributed to threat actors. ### Details Users may generate insights from a varetiy of LLMs, configured via [Connectors](https://www.elastic.co/guide/en/kibana/master/action-types.html):  _Above: LLM selection via the connectors popup menu_ Clicking on the title of an insight toggles the insight between the collapsed and expanded state:  _Above: Collapsing / expanding an insight (animated gif)_ The first three insights displayed on the AI Insights page are expanded by default. Any additional insights that appear after the first three must be expanded manually. Insights provide a summary of the entities impacted by an attack. Clicking on an entity, i.e. a hostname or username, displays the entity flyout with the entity's risk summary:  _Above: Clicking on a host in the summary of the insight reveals the host risk summary (animated gif)_ Hover over fields in the insight's summary or details to reveal pivot actions for investigations:  _Above: Hovering over fields in the details of an insight reveals pivot actions (animated gif)_ Insights are generated from alerts provided as context to the selected LLM. The alert data provided to the LLM is anonymized automatically. Anonymization is [configured](https://www.elastic.co/guide/en/security/current/security-assistant.html#ai-assistant-anonymization) via the same anonymization settings as the Assistant. Users may override the defaults to allow or deny specific alert fields, and to toggle anonymization on or off for specific fields. Click the Anonymization toggle to show or hide the actual values sent to the LLM:  _Above: Toggling anonymization to reveal the actual values sent to the LLM (animated gif)_ ### Empty prompt At the start of a session, or when a user selects a connector that doesn't (yet) have any insights, an [empty prompt](https://eui.elastic.co/#/display/empty-prompt) is displayed. The animated counter in the empty prompt counts up until it displays the maximum number of alerts that will be sent to the LLM:  _Above: An animated counter displays the maximum number of alerts that will be sent to the LLM (animiated gif)_ The _Settings_ section of this PR details how users configure the number of alerts sent to the LLM. The animated counter in the empty prompt immediately re-animates to the newly-selected number when the setting is updated. ### Take action workflows The _Take action_ popover displays the following actions: - `Add to new case` - `Add to existing case` - `View in AI Assistant`  _Above: The Take action popover_ #### Add to new case Clicking the `Add to new` case action displays the `Create case` flyout.  _Above: The `Add to new case` workflow_ An `Alerts were added to <case name>` toast is displayed when the case is created:  _Above: Case creation toast_ A markdown representation of the insight is added to the case:  _Above: A markdown representation of an insight in a case_ The alerts correlated to generate the insight are attached to the case:  _Above: Insight alerts attached to a case_ #### Add to existing case Clicking the `Add to existing case` action displays the `Select case` popover.  _Above: The `Select case` popover_ When users select an existing case, a markdown representation of the insight, and the alerts correlated to generate the insight are attached to the case, as described above in the _Add to new case_ section. #### View in AI Assistant The `View in AI Assistant` action in the `Take action` popover, and two additional `View in AI Assistant` affordances that appear in each insight have the same behavior: Clicking `View in AI Assistant` opens the assistant and adds the insight as context to the current conversation.  _Above: An insight added as context to the current conversation_ Clicking on the insight in the assistant expands it to reveal a preview of the insight.  _Above: An expanded insight preview in the assistant_ The expanded insight preview reveals the number of anonymzied fields from the insight that were made available to the conversation. This feature ensures insights are added to a conversation with the anonymized field values. An insight viewed in the AI assistant doesn't become part of the conversation until the user submits it by asking a question, e.g. `How do I remediate this?`. Insights provided as context to a conversation are formatted as markdown when sent to the LLM:  _Above: Insights provided as context to a conversation are formatted as markdown_ Users may toggle anonymization in the conversation to reveal the original field values.  _Above: Revealing the original field values of an insight added as markdown to a conversation (animated gif)_ #### Alerts tab The _Alerts_ tab displays the alerts correlated to generate the insight.  _Above: The alerts correlated to generate the insight in the Alerts tab_ The `View details`, `Investigate in timeline`, and overflow row-level alert actions displayed in the Alerts tab are the same actions available on the Cases's page's Alerts tab:  _Above: Row-level actions are the same as the Cases pages Alert's tab_ #### Investigate in Timeline Click an insight's `Investigate in Timeline` button to begin an investigation of an insights's alerts in Timeline. Alert IDs are queried via the `Alert Ids` filter:  _Above: Clicking Investigte in Timeline (animated gif)_ The alerts from the insight are explained via row renderers in Timeline:  _Above: Row rendered insight alerts in Timeline_ ### Attack Chain When alerts are indicative of attack [tactics](https://attack.mitre.org/tactics/enterprise/), those tactics are displayed in the insights's _Attack Chain_ section:  _Above: An insight with tactics in the Attach chain_ The Attack Chain section will be hidden if an insight is not indicative of specific tactics. ### Mini attack chain Every insight includes a mini attack chain that visually summarizes the tactics in an insight. Hovering over the mini attack chain reveals a tooltip with the details:  _Above: The mini attack chain tooltip_ ### Storage The latest insights generated for each connector are cached in the browser's session storage in the following key: ``` elasticAssistantDefault.aiInsights.cachedInsights ``` Caching insights in session storage makes it possible to immediately display the latest when users return to to the AI insights page from other pages in the security solution (e.g. Cases).  _Above: Cached insights from sesion storage are immediately displayed when users navigate back to AI Insights (animated gif)_ While waiting for a connector to generate results, users may view the cached results from other connectors. Cached insights are immediately available, even after a full page refresh, as long as the browser session is still active. ### `Approximate time remaining` / `Above average time` counters Some LLMs may take seconds, or even minutes to generate insights. To help users anticipate the time it might take to generate an insight, the AI insights feature displays a `Approximate time remaining: mm:ss` countdown timer that counts down to zero from the average time it takes to generate an insight for the selected LLM:  _Above: The `Approximate time remaining: mm:ss` countdown counter (animated gif)_ If the LLM doesn't generate insights before the counter reaches zero, the text will change from `Approximate time remaining: mm:ss` to `Above average time: mm:ss`, and start counting up from `00:00` until the insights are generated:  _Above: The `Above average time: mm:ss` counter (animated gif)_ The first time insights are generated for a model, the `Approximate time remaining: mm:ss` counter is not displayed. Average time is calculated over the last 5 generations on the selected connector. This is illustrated by clicking on the (?) information icon next to the timer. The popover displays the average time, and the time in seconds for the last 5 runs:  _Above: Clicking on the (?) information icon displays the average time, and the duration / datetimes for the last 5 generations_ The time and duration of the last 5 generations (for each connector) are persisted in the browser's local storage in the following key: ``` elasticAssistantDefault.aiInsights.generationIntervals ``` ### Errors When insight generation fails, an error toaster is displayed to explain the failure:  _Above: An error toaster explains why insights generation failed_ ### Feature flag The `assistantAlertsInsights` feature flag must be enabled to view the `AI Insights` link in the Security Solution's global navigation. Add the `assistantAlertsInsights` feature flag to the `xpack.securitySolution.enableExperimental` setting in `config/kibana.yml` (or `config/kibana.dev.yml` in local development environments), per the example below: ``` xpack.securitySolution.enableExperimental: ['assistantAlertsInsights'] ``` ### Settings The number of alerts sent as context to the LLM is configured by `Knowledge Base` > `Alerts` slider in the screenshot below:  - The slider has a range of `10` - `100` alerts (default: `20`) Up to `n` alerts (as determined by the slider) that meet the following criteria will be returned: - The `kibana.alert.workflow_status` must be `open` - The alert must have been generated in the last `24 hours` - The alert must NOT be a `kibana.alert.building_block_type` alert - The `n` alerts are ordered by `kibana.alert.risk_score`, to prioritize the riskiest alerts ### License An Enterprise license is required to use AI Insights. The following AI Insights view is displayed for users who don't have an Enterprise license:  ## How it works - Users navigate to the AI insights page: `x-pack/plugins/security_solution/public/ai_insights/pages/index.tsx` - When users click the `Generate` button(s) on the AI Insights page, insights are fetched via the `useInsights` hook in `x-pack/plugins/security_solution/public/ai_insights/use_insights/index.tsx`. - The `fetchInsights` function makes an http `POST` request is made to the `/internal/elastic_assistant/insights/alerts` route. include the following new (optional) parameters: - `actionTypeId`, determines tempature and other connector-specific request parameters - `alertsIndexPattern`, the alerts index for the current Kibana Space, e.g. `.alerts-security.alerts-default` - `allow`, the user's `Allowed` fields in the `Anonymization` settings, e.g. `["@timestamp", "cloud.availability_zone", "file.name", "user.name", ...]` - `allowReplacement`, the user's `Anonymized` fields in the `Anonymization` settings, e.g. `["cloud.availability_zone", "host.name", "user.name", ...]` - `connectorId`, id of the connector to generate the insights - `replacements`, an optional `Record<string, string>` collection of replacements that always empty in the current implementation. When non-empty, this collection enables new insights to be generated using existing replacements. ```json "replacements": { "e4f935c0-5a80-47b2-ac7f-816610790364": "Host-itk8qh4tjm", "cf61f946-d643-4b15-899f-6ffe3fd36097": "rpwmjvuuia", "7f80b092-fb1a-48a2-a634-3abc61b32157": "6astve9g6s", "f979c0d5-db1b-4506-b425-500821d00813": "Host-odqbow6tmc", // ... }, ``` - `size`, the maximum number of alerts to generate insights from. This numeric value is set by the slider in the user's `Knowledge Base > Alerts` setting, e.g. `20` - The `postAlertsInsightsRoute` function in `x-pack/plugins/elastic_assistant/server/routes/insights/alerts/post_alerts_insights.ts` handles the request. - The inputs and outputs to this route are defined by the [OpenAPI](https://spec.openapis.org/oas/v3.1.0) schema in `x-pack/packages/kbn-elastic-assistant-common/impl/schemas/insights/alerts/post_alerts_insights_route.schema.yaml`. ``` node scripts/generate_openapi --rootDir ./x-pack/packages/kbn-elastic-assistant-common ``` - The `postAlertsInsightsRoute` route handler function in `x-pack/plugins/elastic_assistant/server/routes/insights/alerts/post_alerts_insights.ts` invokes the `insights-tool`, defined in `x-pack/plugins/security_solution/server/assistant/tools/insights/insights_tool.ts`. The `insights-tool` is registered by the Security Solution. Note: The `insights-tool` is only used for generating insights. It is not used to generate new insights from the context of an assistant conversation, but that feature could be enabled in a future release. - The `insights-tool` uses a LangChain `OutputFixingParser` to create a [prompt sandwich](https://www.elastic.co/blog/crafting-prompt-sandwiches-generative-ai) with the following parts: ``` _________________________________________________ / \ | Insight JSON formatting instructions | (1) \ _______________________________________________/ +------------------------------------------------+ | Insights prompt | (2) +------------------------------------------------+ / \ | Anonymized Alerts | (3) \_______________________________________________/ ``` - The `Insight JSON formatting instructions` in section `(1)` of the prompt sandwich are defined in the `getOutputParser()` function in `x-pack/plugins/security_solution/server/assistant/tools/insights/get_output_parser.ts`. This function creates a LangChain `StructuredOutputParser` from a Zod schema. This parser validates responses from the LLM to ensure they are formatted as JSON representing an insight. - The `Insights prompt` in section `(2)` of the prompt sandwich is defined in the `getInsightsPrompt()` function in `x-pack/plugins/security_solution/server/assistant/tools/insights/get_insights_prompt.ts`. This part of the prompt sandwich includes instructions for correlating insights, and additional instructions to the LLM for formatting JSON. - The `Anonymized Alerts` in section `(3)` of the prompt sandwich are returned by the `getAnonymizedAlerts()` function in `x-pack/plugins/security_solution/server/assistant/tools/insights/get_anonymized_alerts.ts`. The allow lists configured by the user determine which alert fields will be included and anonymized. - The `postAlertsInsightsRoute` route handler returns the insights generated by the `insights-tool` to the client (browser). - Insights are rendered in the browser via the `Insight` component in `x-pack/plugins/security_solution/public/ai_insights/insight/index.tsx` - The `AiInsights` tab in `x-pack/plugins/security_solution/public/ai_insights/insight/tabs/ai_insights/index.tsx` includes the _Summary_ and _Details_ section of the Insight. - The `InsightMarkdownFormatter` in `x-pack/plugins/security_solution/public/ai_insights/insight_markdown_formatter/index.tsx` renders hover actions on entities (like hostnames and usernames) and other fields in the insight. - The `Insight` component makes use of the `useAssistantOverlay` hook in `x-pack/packages/kbn-elastic-assistant/impl/assistant/use_assistant_overlay/index.tsx` to register the insight as context with the assistant. This registration process makes it possible to view insights in the assistant, and ask questions like "How do I remediate this?". In this PR, the `useAssistantOverlay` hook was enhanced to accept anonymizaton replacements. This enables an assistant conversation to (re)use replacements originally generated for an insight.	2024-04-16 11:34:15 +02:00
Pablo Machado	79096beea5	[SecuritySolutions] Create Asset Criticality CSV upload page (#179891) ... ## Summary Create a new Asset Criticality page for updating asset criticality by file upload. Flaky test runner: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5662 Server side PR: https://github.com/elastic/kibana/pull/179930 f524b5e8-8efa-40c7-8e43-45cf43decefb The new page has three steps. You can access the page by going to Security -> Manage -> Asset Criticality. <img src="080a51bf-20e9-4f4b-84b2-13fe1cfdc1d5" width="400" /> ### File picker Step: <img src="e3aea4b8-2083-49a4-b4bf-dbb645fb463b" width="400" /> ### File validation step <img src="54b3018e-ef0e-4ac4-93b2-67ae02743eb8" width="400" /> ### Result step <img src="aa47a7af-1108-4ad6-8dc0-f728e0187026" width="400" /> ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) a-docker) - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) ## How to test it? * Open the page * Upload a valid CSV file * Check if everything is ok on the validation step * Click Assign * Check if the success message is displayed * Open the alert flyout for an updated asset and check if it has the new value ## What is not included? * Serverless * Disable the feature when asset criticality advanced setting is disabled ## Code owners files: <details> <summary>elastic/docs</summary> * packages/kbn-doc-links/src/get_doc_links.ts * packages/kbn-doc-links/src/types.ts </details> <details> <summary>elastic/security-defend-workflows</summary> * x-pack/plugins/security_solution/public/management/links.ts </details> <details> <summary>elastic/security-detection-engine</summary> * x-pack/test/security_solution_cypress/cypress/urls/navigation.ts </details> <details> <summary>elastic/security-detections-response</summary> * x-pack/test/security_solution_cypress/cypress/fixtures/asset_criticality.csv </details> <details> <summary>elastic/security-engineering-productivity</summary> * x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/asset_criticality_upload_page.cy.ts * x-pack/test/security_solution_cypress/cypress/fixtures/asset_criticality.csv * x-pack/test/security_solution_cypress/cypress/screens/asset_criticality.ts * x-pack/test/security_solution_cypress/cypress/tasks/asset_criticality.ts * x-pack/test/security_solution_cypress/cypress/urls/navigation.ts </details> <details> <summary>elastic/security-threat-hunting</summary> * x-pack/test/security_solution_cypress/cypress/fixtures/asset_criticality.csv </details> <details> <summary>elastic/security-threat-hunting-investigations</summary> * x-pack/plugins/security_solution/public/resolver/view/panels/node_list.tsx * x-pack/test/security_solution_cypress/cypress/urls/navigation.ts </details> --------- Co-authored-by: Mark Hopkin <mark.hopkin@elastic.co>	2024-04-12 10:11:44 -07:00
Sergi Massaneda	fb9d0956c5	[Security Solution] Add missing explore tab links to global search (#180319) ... ## Summary fixes: https://github.com/elastic/kibana/issues/180268 Adds the 3 missing tab links to the global search: - Hosts / All hosts - Users / All users - Network / Flows ### Screenshots <img width="648" alt="Captura de pantalla 2024-04-08 a les 19 14 31" src="c18ff55d-1b35-4b43-a312-61ef5497c1fb"> --- <img width="648" alt="All users" src="1d30470e-bc8e-4392-989e-200d09dcfdf6"> --- <img width="648" alt="flows" src="7019f079-229a-470b-ac15-3997e1379759">	2024-04-12 04:09:33 -07:00
Sébastien Loix	43de4b5d57	[Stateful sidenav] Update static definitions (#179043)	2024-04-03 15:43:21 +01:00
mohamedhamed-ahmed	6d55cc8e95	[Dataset quality] Add Flyout Integration Actions (#179401) ... closes https://github.com/elastic/kibana/issues/178843 ## 📝 Summary This PR adds actions to the integration section in the dataset quality flyout. These actions navigate to different integration-related pages. The Dashboards action is only visible if the integration does have dashboard assets installed, otherwise its hidden. ## 🎥 Demo 91c417e6-be7d-45eb-91dc-2f5b29e7aeb5 --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-04-02 14:39:51 +02:00
Søren Louv-Jansen	bb72b3e8e9	[ObsAiAssistant] Move AI Assistant Management plugin to x-pack (#179235) ... This PR moves the AI Assistant Management plugin into x-pack to co-locate it with the other assistant plugins and to make it possible to statically import from the other assistant plugins. This is not currently possible because the Management plugin is in OSS and the other plugins are in xpack.	2024-03-25 08:36:36 -05:00
Sébastien Loix	37dee75e31	[Stateful sidenav] Add deeplink definitions & hide page side nav (#178861)	2024-03-20 12:39:47 +00:00
Panagiota Mitsopoulou	d5dfee7146	New slo plugin (#177937) ... Fixes https://github.com/elastic/kibana/issues/176420 ## 🍒 Summary This PR copies the SLO code that was inside the Observability app into its own app under `observability-solution/slo` folder. 4f6b8dfb-9612-4d30-ad50-4ee5c55a9c32 ## ✔️ Acceptance criteria - URL of new app: `app/slos` - Design and functionality are not changed. - Git history has been retained for all files in `x-pack/plugins/observability_solution/slo`. - SLO should appear on server less - SLO code inside `observability_solution/observability` code has been removed. A new clean up round might be needed though for possible leftovers. - Burn rate rule is registered within the new slo app - SLO embeddables are moved inside the new slo app - overview - alerts embeddable - error budget burn down - Alerts table configuration registration for slo details page and alerts table embeddable is still done in the observability app. Response Ops team is working on removing the need to register the alert table anyway - Slo app is wrapped into `ApplicationUsageTrackingProvider` which will send slo `Application usage` information tracked by the `slo` appId - Redirect old `app/observability/slos` route to `app/slos` - Rename old `xpack.observability.slo` keys to `xpack.slo` in the translation files ## 🌮 How to test Design and functionality didn't change, so simply navigate to existing slo pages and try to break it - Slo list page - group by - unified search - toggle buttons - actions - Slo creation - try group by as well - Slo detail page - Actions on top - navigate to overview and alerts tabs - Create SLO flyout in Logs Explorer - Create burn rate rules and verify they appear on rules page - Verify SLO alerts appear on Alerts page and slo details page - Embeddables - Through the dashboard app - Using the attach to dashboard action on the slo card item on slo list page and the error budget burn down chart on the slo detail page - SLOs only for platinum users - Permissions - Spaces ## TODO - [x] Move slo stuff from observability folder to new slo plugin - [x] Remove old slo stuff from observability folder - [x] Update references - [x] Fix typescript and eslint errors - [x] Paths - [x] Locators - [x] Burn rate rule registration - [x] Embeddable Alerts table configuration registration - [x] Embeddables - [x] Translations - [x] Verify plugin.ts files contain all registration logic - [x] public - [x] server - [x] Final cleanup for observability folder - [x] Run tests - [x] Application Usage (Telemetry) - [x] Permissions --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: shahzad31 <shahzad31comp@gmail.com> Co-authored-by: Coen Warmer <coen.warmer@gmail.com>	2024-03-19 03:17:34 -07:00
Elena Stoeva	dbf017ba31	Rename Management team name in codeowners file (#178626) ... The AppEx Management team was recently renamed on GitHub from `platform-deployment-management` to `kibana-management`. This PR updates the Codeowners file and all references to the team name. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-03-18 15:46:31 +00:00
Justin Kambic	3aa41121f6	[Synthetics] Fix breadcrumbs in serverless (#176947) ... ## Summary Resolves https://github.com/elastic/synthetics-dev/issues/289. The Synthetics plugin now consumes the Serverless breadcrumbs API when Kibana is running in Serverless mode. This patch will re-use all the Synthetics plugin's existing breadcrumb logic, with some minor modifications. At plugin start time, Synthetics will detect if Kibana is stateful or stateless, and either assign the `serverless.setBreadcrumbs` or `core.chrome.setBreadcrumbs` function to the props that get propagated to the `SyntheticsSettingsContext`. The breadcrumb hooks in the React code will now reference this field, rather than directly pulling `chrome.setBreadrumbs` from the Kibana services object as it did before. This patch also introduces a new deep link for the Settings page, and adds an associated object to the Observability project nav tree. One other thing to note is that this patch will also require Synthetics to add the `serverless` plugin as a dependency in its `kibana.json` file. ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) ### Risk Matrix Delete this section if it is not applicable to this PR. Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release. When forming the risk matrix, consider some of the following examples and how they may potentially impact the change: | Risk | Probability | Severity | Mitigation/Notes | |---------------------------|-------------|----------|-------------------------| | Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. | | Multiple nodes&mdash;Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. | | Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. | | [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) | ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)	2024-03-05 08:39:52 -07:00
Yngrid Coello	623177fc90	[Dataset quality] using common data types for timeRange (#177630) ... This is a [follow up](https://github.com/elastic/kibana/pull/177000#discussion_r1495686459) PR of https://github.com/elastic/kibana/pull/177000. ## Changes - Replace custom types for `timeRangeConfig` in dataset quality with common types coming from data plugin.	2024-02-23 17:56:32 +01:00
Carlos Crespo	2ba6978e24	[Infra][Serverless] fix breadcrumb, page template and small layout issues (#177312) ... closes [176602](https://github.com/elastic/kibana/issues/176602) ## Summary This PR fixes a few small issues that became more evident in the serverless offering ### Serverless - Breadcrumbs <img width="1727" alt="image" src="5808ccd2-8733-406a-8a98-7aedb3e21e8a"> <img width="1727" alt="image" src="bac99d0c-8146-4946-acc8-7b52133d79fb"> <img width="1727" alt="image" src="34442e1f-f7ac-425f-9712-ad0a2188cace"> - Asset Details Page Template | before | after | | --- | --- | |<img width="1220" alt="image" src="4bb92ff0-5e27-4ca9-b177-ba2715996648">|<img width="1227" alt="image" src="3d6f1783-01a1-4413-8acf-640b0d6af7f1"> | The page now uses the `PageTemplate` from `observability-shared`, which is what other pages in observability use. ### Other fixes - Spacing between header and unified search in the Hosts View | before | after | | --- | --- | |<img width="884" alt="image" src="49727fc5-0f9b-4ee4-b560-b489c175b1ba">|<img width="885" alt="image" src="858e6930-6210-42a1-8414-bb6e5d60933c"> | The default spacing is 24px. For some reason, the hosts view had a 12px space between the 2 components. - Breadcrumb (still works as expected) <img width="1714" alt="image" src="ef019d40-2a88-4920-a5dc-ad72a8485536"> ### How to test - Start a serverless Kibana, ES instances and run metricbeat with system module enabled - run `yarn es serverless --projectType=oblt` and `yarn serverless-oblt` - Navigate to Inventory pages and APM Settings - Check the changes described above - Start a stateful Kibana instance - Navigate to inventory pages and APM Settings - Check the changes described above --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2024-02-23 15:59:20 +01:00