# Summary
As part of the effort to add missing content for Security APIs, this PR
introduces a few missing request, response, and parameter examples for
Detection Engine Exception APIs.
https://github.com/elastic/kibana/pull/205341 removed
`dshDashboardViewportWrapper--isFullscreen` from
"src/platform/plugins/shared/dashboard/public/dashboard_container/component/viewport/_dashboard_viewport.scss".
The PR failed to remove the class from rendered DOM.
## Summary
This is to support https://github.com/elastic/synthetics/issues/978
Increase lightweight monitors project page size. The size of lightweight
monitors is minimal; having a small size is more of a burden than an
advantage since we do batch operations in Kibana!
### Why
Since the limit is mostly applicable only to browser monitors' size, for
lightweight monitors we can safely do bulk operations on a large number of
monitors without hitting memory or size issues.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Justin Kambic <jk@elastic.co>
## Summary
Skip asset criticality integration test on MKI
---------
Co-authored-by: Jared Burgett <147995946+jaredburgettelastic@users.noreply.github.com>
## Summary
Closes https://github.com/elastic/security-team/issues/11463.
Reuse AssetCriticalityBadge component from Entity Analytics to render
the criticality status in the Asset Inventory data grid.
### Screenshots
| Before | After |
|--------|--------|
| <img width="168" alt="Screenshot 2025-01-16 at 17 16 21"
src="https://github.com/user-attachments/assets/45d23ce9-a8dc-4f0c-8545-39afff824708"
/> | <img width="169" alt="Screenshot 2025-01-16 at 17 16 09"
src="https://github.com/user-attachments/assets/b3b6bedf-cdb9-49b5-9c1f-6dd3d24b3389"
/> |
### Definition of done
- [x] Add a **Criticality** circle badge to the **Criticality** column
in the Asset Inventory DataGrid.
- [x] ~~Implement the badge styling:~~ Ended up reusing
`AssetCriticalityBadge` component from Entity Analytics
- Use the **Criticality Palette and mapping** defined in the [Asset
Criticality Badge
Utility](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/asset_criticality/asset_criticality_badge.tsx)
for color coding.
- Ensure the badge's color accurately reflects the asset’s criticality
level (e.g., Low, Medium, High, Critical, Extreme).
- [x] Ensure the badge includes:
- A circular design with a color representing the criticality level.
- [ ] Add unit tests to verify:
- Correct color mapping based on criticality levels.
- Proper rendering of the badge in the DataGrid.
- [x] Update mock data for the DataGrid to include criticality levels
for testing and development.
### Checklist
- [x] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
### Identify risks
No risks.
## Summary
Only log out the number of attempts when the `retryCount` is truthy.
Previously we were seeing the attempt counter constantly reporting 0
for each attempt.
### To Run Locally
```
node scripts/jest --config packages/kbn-ftr-common-functional-services/jest.config.js
```
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
While looking at the `packages` folder at the root of Kibana, I noticed
some files were left over in otherwise empty folders:
- 2 README files were left in the `content-management` folder
- 1 README file and 1 png file were left in the `react` folder
The rest of the content was moved to a new location as part of the
Sustainable Kibana Architecture effort (see [this
PR](https://github.com/elastic/kibana/pull/205593) and [that
one](https://github.com/elastic/kibana/pull/205924)) and I wonder if
those few files were left behind by mistake.
I did not make any changes to the content of the files, I just moved
them to their respective new locations.
Please let me know if these were left behind intentionally, or if they
should be deleted instead of moved!
### Notes
The `appex-sharedux` codeowner only appeared after pushing the second
commit which impacts the `react` folder. I realized that the codeowners
file was pointing to the folder within
`src/platform/packages/shared/content-management/content_insights` and
`src/platform/packages/shared/content-management/favorites` so I updated it
to point to the parent folder, which now contains the moved README
files. I hope that's ok!
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR consolidates the multiple `server/streams/*` route files into 4
`route.ts` files to optimize the Typescript parsing. I tried to organize
the routes into 4 logical groups:
- CRUD - edit, list, read, delete
- Management - fork, resync, status, sample
- Schema - unmapped fields, schema simulation
- Enablement - disable, enable
I left everything else "as is" since @dgieselaar is currently doing a
refactor to consolidate most of the features into a new `StreamsClient`
similar to the `AssetClient`
Closes https://github.com/elastic/kibana/issues/201642
## Summary
### Problem
1. Before a conversation is generated from contextual insights (before
`Help me understand this alert` is clicked), if the user clicks on `Edit
Prompt`, the prompt to edit is not loaded. An empty input box is loaded.
2. When a new prompt is typed in the empty input box and submitted, it
throws an error (because the way the new prompt is assigned to the
conversation errors out)
3. After clicking on "Help me understand this alert", if the user clicks
on `Edit Prompt`, a large string is loaded with contextual information,
as the prompt to edit. This is not user-friendly.
(All of the above can be seen in the screen recording before the changes
- attached below)
### Solution
1. Wait for the messages to be generated and then load the correct
initial prompt to edit.
2. When re-assigning the new prompt to the messages, make sure to parse
it and then assign correctly so that editing the prompt is user
friendly.
### Checklist
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Closes #200474
## Summary
This PR fixes the issue with tracing sample missing URL/Status Code/User
Agent fields in the overview
## Testing
- Open the APM UI and find APM traces that contain `url.full` /
`transaction.page.url`, `http.request.method` and
`http.response.status_code`
- One should be ingested using an otel collector the other should use an
apm-server
- if using oblt cluster you can check transactions from `loadgenerator`
and `opbeans-python` for example
- check the trace summary:
- Otel:

- APM server:

## Summary
Closes https://github.com/elastic/security-team/issues/11270.
### Screenshots
<details><summary>Current state</summary>
<img width="1486" alt="Screenshot 2025-01-15 at 17 28 42"
src="https://github.com/user-attachments/assets/1a39ae67-406c-464d-849b-0fba3380e982"
/>
</details>
<details><summary>Current state + RiskBadge + Criticality + SearchBar
(implemented in separate PRs)</summary>
<img width="1752" alt="Screenshot 2025-01-13 at 16 34 10"
src="https://github.com/user-attachments/assets/bca30c71-dba3-4505-aba6-a3787ba7f6b1"
/>
</details>
### Definition of done
> [!NOTE]
> For now it only works with static data until backend is ready
- [x] Implement DataGrid using the `<UnifiedDataTable>` component, based
on
[EuiDataGrid](https://eui.elastic.co/#/tabular-content/data-grid),
ensuring consistency with Kibana standards.
- [x] Configure columns as follows:
- **Action column**: No label; includes a button in each row to expand
the `EntityFlyout`.
- **Risk**: Numerical indicators representing the asset's risk.
- **Name**: The name or identifier of the asset.
- **Criticality**: Displays priority or severity levels (e.g., High,
Medium, Low). Field `asset.criticality`
- **Source**: Represents the asset source (e.g., Host, Storage,
Database). `asset.source`
- **Last Seen**: Timestamp indicating the last observed data for the
asset.
- [x] Add static/mock data rows to display paginated asset data, with
each row including:
- Buttons/icons for expanding the `EntityFlyout`.
- [x] Include the following interactive elements:
- [x] Multi-sorting: Allow users to sort by multiple columns (e.g., Risk
and Criticality). **This only works if fields are added manually to the
DataView**
- [x] Columns selector: Provide an option for users to show/hide
specific columns.
- [x] Fullscreen toggle: Allow users to expand the DataGrid to
fullscreen mode for enhanced visibility.
- [x] Pagination controls: Enable navigation across multiple pages of
data.
- [x] Rows per page dropdown: Allow users to select the number of rows
displayed per page (10, 25, 50, 100, 250, 500).
- [x] Enforce constraints:
- Limit search results to 500 at a time using `UnifiedDataTable`'s
pagination helper for loading more data once the limit is reached.
### Out of scope
- Risk score colored badges (implemented in follow-up PR)
- Group-by functionality or switching between grid and grouped views
- Field selector implementation
- Flyout rendering
### Duplicated files
> [!CAUTION]
> As of now, `<UnifiedDataTable>` is a complex component that needs to
be fed with multiple props. For that, we need several components, hooks
and utilities that currently exist within the CSP plugin and are too
coupled with it. It's currently not possible to reuse all this logic
unless we move that into a separate @kbn-package so I had to temporarily
duplicate a bunch of files. This is the list to account for them:
- `hooks/`
- `use_asset_inventory_data_table/`
- `index.ts`
- `use_asset_inventory_data_table.ts`
- `use_base_es_query.ts`
- `use_page_size.ts`
- `use_persisted_query.ts`
- `use_url_query.ts`
- `utils.ts`
- `data_view_context.ts`
- `use_fields_modal.ts`
- `use_styles.ts`
- `components/`
- `additional_controls.tsx`
- `empty_state.tsx`
- `fields_selector_modal.tsx`
- `fields_selector_table.tsx`
This ticket will track progress on this task to remove duplicities and
refactor code to have a single source of truth reusable in both Asset
Inventory and CSP plugins:
- https://github.com/elastic/security-team/issues/11584
### How to test
1. Open the Index Management page in
`http://localhost:5601/kbn/app/management/data/index_management` and
click on "Create index". Then type `asset-inventory-logs` in the
dialog's input.
2. Open the DataViews page in
`http://localhost:5601/kbn/app/management/kibana/dataViews` and click on
"Create Data View".
3. Fill in the flyout form typing the following values before clicking
on the "Save data view to Kibana" button:
- `asset-inventory-logs` in "name" and "index pattern" fields.
- `@timestamp` is the value set on the "Timestamp field".
- Click on "Show advanced settings", then type
`asset-inventory-logs-default` in the "Custom data view ID" field.
4. Open the Inventory page from the Security solution in
`http://localhost:5601/kbn/app/security/asset_inventory`.
<details><summary>Data View Example</summary>
<img width="894" alt="Screenshot 2025-01-10 at 11 09 00"
src="https://github.com/user-attachments/assets/9a20f504-e602-4b67-a24e-0341f447878e"
/>
</details>
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
### Risks
No risks at all.
As discussed in
https://github.com/elastic/streams-program/issues/26#issuecomment-2592146590,
it's currently not possible to create a wired stream multiple levels
deep in the hierarchy with a single request, as its implicit parents
won't be created properly.
This PR is fixing this issue by recursively calling `upsertStream` for
the parent as long as necessary.
It also adds a validation for children specified in the routing to make
sure they don't skip levels.
## Summary
- Updates `scripts/dependency_ownership` to use the
`@kbn/dev-cli-runner` for consistency with other CI-related CLIs.
- Adds a new `failIfUnowned` flag to exit with an error code if any
dependencies are unowned.
- Adds a new dependency ownership check to `quick_checks` and `renovate`
CI steps.
From a CI run, the additional quick check executes successfully in 3
seconds:
```sh
info [quick-checks] Passed check: /opt/buildkite-agent/builds/bk-agent-prod-gcp-abc123/elastic/kibana-pull-request/kibana/.buildkite/scripts/steps/checks/dependencies_missing_owner.sh in 3s
```
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fix https://github.com/elastic/kibana/issues/205921
- Implements a new summary strategy for the product documentation, based
on `semantic_text` highlights
- set that new strategy as the default one
### Why ?
Until now, in case of excessive token count, we were using an LLM-based
summarizer. Realistically, highlights will always be worse than calling
an LLM for an "in-context summary", but from my testing, highlights seem
"good enough", and the speed difference (instant for highlights vs
multiple seconds, up to a dozen, for the LLM summary) is very
significant, and seems overall worth it.
The main upside with that change, given that requesting the product doc
will be waaaay faster, is that we can then tweak the assistant's
instruction to more aggressively call the product_doc tool between each
user message without the risk of the user experience being impacted
(waiting way longer between messages). - *which will be done as a
follow-up*
### How to test ?
Install the product doc, ask questions to the assistant, check the tool
calls (sorry, don't have a better option atm...)
Note: that works with both versions of the product doc artifacts, so
don't need the dev repository
Closes https://github.com/elastic/kibana/issues/206394
This adds `authz` definitions to all Onboarding routes. In all cases
authorization is either done using saved objects or ES clients, with a
couple of exceptions for endpoints that are meant to be accessed from a
terminal and using an API key with specific privileges which do not
include access to saved objects. In that case we're using the internal
user client.
## Summary
Closes https://github.com/elastic/kibana/issues/201079
This PR fixes 2 bugs in the ES|QL history component
1. The sorting function was wrong (did the opposite of what it was supposed
to do 🙈 )
2. The status code is now being submitted correctly
## Summary
Today, when a developer deprecates a feature and replaces its privileges
with those of another feature, we reasonably assume that the new feature
fully replaces the old one in all possible contexts - whether in role
management UIs or in the Spaces feature toggles visibility UI. However,
when deprecated privileges are replaced by the privileges of multiple
features, such as in [this
case](https://github.com/elastic/kibana/pull/202863#discussion_r1892672114)
where the Discover/Dashboard/Maps feature privileges are replaced by the
privileges of Discover_v2/Dashboard_v2/Maps_v2, respectively, **and**
the privileges of the Saved Query Management feature, the choice is
ambiguous.
Which of these features should be treated as the replacement for the
deprecated feature in contexts that deal with entire features (like the
Spaces feature toggles visibility UI) rather than individual privileges
(like in role management UIs)? Should all referenced features be
considered replacements? Or just a subset - or even a single feature? If
so, which one? Currently, we treat all referenced features as
replacements for the deprecated feature, which creates problems, as
described in detail in [this
discussion](https://github.com/elastic/kibana/pull/202863#discussion_r1892672114).
This PR allows developers to customize this behavior by specifying which
features Kibana should treat as direct successors to deprecated features
in contexts that deal with whole features rather than individual
privileges:
```ts
deps.features.registerKibanaFeature({
  deprecated: {
    notice: 'The feature is deprecated because … well, there’s a reason.',
    // New in this PR: the feature(s) Kibana treats as the direct successor.
    replacedBy: ['feature_id_v2'],
  },
  id: 'feature_id',
  name: `Case #4 feature ${suffix} (DEPRECATED)`,
  …
});
```
## How to test
1. Run test server
```bash
node scripts/functional_tests_server.js --config x-pack/test/security_api_integration/features.config.ts
```
2. Execute the following request from the Dev Tools (`case_4_feature_a`
is a deprecated feature that is replaced by multiple features and
**doesn't use** `deprecated.replacedBy`)
```http
PUT kbn:/api/spaces/space/default?overwrite=true
{
"id":"default",
"name":"Default",
"description":"This is your default space!",
"color":"#00bfb3",
"disabledFeatures":["case_4_feature_a"],
"_reserved":true,
"imageUrl":"",
"initials":"D"
}
```
3. Observe that in response deprecated `case_4_feature_a` is replaced by
two features (you can also check
http://localhost:5620/app/management/kibana/spaces/edit/default to see
how it's reflected in UI)
```http
{
"id": "default",
"name": "Default",
"description": "This is your default space!",
"color": "#00bfb3",
"initials": "D",
"imageUrl": "",
"disabledFeatures": [
"case_4_feature_a_v2",
"case_4_feature_c"
],
"_reserved": true
}
```
4. Execute the following request from the Dev Tools (`case_4_feature_b`
is a deprecated feature that is replaced by multiple features, but
**uses** `deprecated.replacedBy` to set the conceptual
feature-successor)
```http
PUT kbn:/api/spaces/space/default?overwrite=true
{
"id":"default",
"name":"Default",
"description":"This is your default space!",
"color":"#00bfb3",
"disabledFeatures":["case_4_feature_b"],
"_reserved":true,
"imageUrl":"",
"initials":"D"
}
```
5. Observe that in response deprecated `case_4_feature_b` is replaced by
a single feature (you can also check
http://localhost:5620/app/management/kibana/spaces/edit/default to see
how it's reflected in UI)
```http
{
"id": "default",
"name": "Default",
"description": "This is your default space!",
"color": "#00bfb3",
"initials": "D",
"imageUrl": "",
"disabledFeatures": [
"case_4_feature_b_v2"
],
"_reserved": true
}
```
__Required by:__
https://github.com/elastic/kibana/pull/202863#discussion_r1892672114
//cc @davismcphee
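
The feature-level resolution described above, as an added sketch that is not part of the original PR description and is not Kibana's implementation. The names `successorsOf` and `migrateDisabledFeatures`, the registry shape, the successor sanity check, and the privilege-level references assumed for `case_4_feature_b` are all assumptions made for illustration.

```typescript
// Added sketch: models the behaviour described above; it is not Kibana's code.
type PrivilegeRef = { feature: string; privileges: string[] };
type PrivilegeMap = Record<string, { replacedBy?: PrivilegeRef[] }>;

interface FeatureDef {
  id: string;
  deprecated?: { notice: string; replacedBy?: string[] };
  privileges?: PrivilegeMap; // shape assumed for this sketch
}
type Registry = Record<string, FeatureDef | undefined>;

// Feature-level successors of a feature. An explicit `deprecated.replacedBy`
// wins; otherwise every feature referenced by a privilege-level replacement
// is treated as a successor (the ambiguous default the description mentions).
function successorsOf(feature: FeatureDef, registry: Registry): string[] {
  if (!feature.deprecated) return [feature.id];
  const explicit = feature.deprecated.replacedBy ?? [];
  const referenced: string[] = [];
  const privileges: PrivilegeMap = feature.privileges ?? {};
  for (const name of Object.keys(privileges)) {
    for (const ref of privileges[name].replacedBy ?? []) {
      if (referenced.indexOf(ref.feature) === -1) referenced.push(ref.feature);
    }
  }
  const successors = explicit.length > 0 ? explicit : referenced;
  // Sanity check added in this sketch: a successor must be a live feature.
  for (const id of successors) {
    const target = registry[id];
    if (!target || target.deprecated) {
      throw new Error(`${feature.id}: successor "${id}" is unknown or deprecated`);
    }
  }
  return successors;
}

// Rewrites a space's `disabledFeatures`, swapping deprecated ids for their
// successors and dropping duplicates. Unregistered ids pass through unchanged.
function migrateDisabledFeatures(disabled: string[], registry: Registry): string[] {
  const out: string[] = [];
  for (const id of disabled) {
    const feature = registry[id];
    const next = feature ? successorsOf(feature, registry) : [id];
    for (const n of next) if (out.indexOf(n) === -1) out.push(n);
  }
  return out;
}

// Constructed registry mirroring the feature ids used in the test steps.
const replacedByBoth = (v2: string): PrivilegeMap => ({
  all: { replacedBy: [
    { feature: v2, privileges: ['all'] },
    { feature: 'case_4_feature_c', privileges: ['all'] },
  ] },
});
const REGISTRY: Registry = {
  case_4_feature_a: { id: 'case_4_feature_a', deprecated: { notice: 'constructed' },
    privileges: replacedByBoth('case_4_feature_a_v2') },
  case_4_feature_b: { id: 'case_4_feature_b',
    deprecated: { notice: 'constructed', replacedBy: ['case_4_feature_b_v2'] },
    privileges: replacedByBoth('case_4_feature_b_v2') },
  case_4_feature_a_v2: { id: 'case_4_feature_a_v2' },
  case_4_feature_b_v2: { id: 'case_4_feature_b_v2' },
  case_4_feature_c: { id: 'case_4_feature_c' },
};

console.log(migrateDisabledFeatures(['case_4_feature_a'], REGISTRY));
console.log(migrateDisabledFeatures(['case_4_feature_b'], REGISTRY));
```

Without `replacedBy`, disabling the deprecated feature also disables every feature its privileges point at; with it, only the named successor is affected, which matches the two responses shown in the test steps.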
## Summary
This PR addresses
[#198761](https://github.com/elastic/kibana/issues/198761), which
enhances onboarding card layouts for better usability and engagement.
The following updates have been implemented:
- New Card Layouts:
Applied to `alerts`, `dashboards`, and `rules` cards.
Previously, each card displayed a description on the left and a static
asset on the right.
The updated design introduces a list of selectable items on the left
side. Selecting an item updates the right-side content to display a
corresponding video.
- New Components:
`OnboardingCardContentAssetPanel`: A reusable component designed to
render children and display an asset, supporting both image and video
types.
`CardSelectorList`: A flexible component for rendering a list of
selectable items provided to it, enabling the new card interaction
behavior.
- Persistent Selection:
The current selection for each card is now saved in localStorage using
keys specific to each card type (alerts, dashboards, and rules).
This ensures the last selection is remembered, and when the card is
expanded (on initial render or later), the component will automatically
scroll to and highlight the saved selection.
https://github.com/user-attachments/assets/ffc02c3c-625f-46ec-aff0-1bb1e9b73bb3
### Checklist
Delete any items that are not applicable to this PR.
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Sergi Massaneda <sergi.massaneda@gmail.com>
## Summary
Related to https://github.com/elastic/kibana/issues/206710
Add a `modelName` parameter to the chatComplete inference API, and wire
it accordingly on all adapters.
That parameter can be used to override the default model specified by
the connector, at call time.
## Summary
Closes https://github.com/elastic/kibana/issues/206712
This PR addresses an issue with the `MobileLocationStats` component in
the Service Overview.
In one of our charts, we were passing data to a `Metric` component where
the `trend` property was set to `undefined`. By definition, it should be
an empty array if there's no value. Initially, this wasn’t an issue
because no error appeared visually. However, after an update to the
`@elastic/charts` library, a full-screen error was triggered.
Additionally, a conversation has been initiated with the maintainers of
`@elastic/charts` to explore making the typings stricter, as we didn’t
receive any TypeScript warnings, even though the `trend` property should
not be `undefined`.
Fixes #206588
## Summary
This PR fixes the `Unable to load page` error on the alert details page
when the query has a leading wildcard by passing the uiSetting config to
the buildEsQuery helper in the LogRateAnalysis component.

---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
# Summary
As part of the effort to add missing content for Security APIs, this PR
introduces a few missing request, response, and parameter examples for
Security Entity Analytics APIs.
All of the affected APIs are the Asset Criticality APIs.
# How to Test
Until the docs are deployed, this can be tested by navigating to
https://editor.swagger.io/ and pasting in the fully bundled file, which
can be found
[here](f905638686/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml)
in the PR
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
### Connector Changes
- Added support for sort field to the Machine Actions Microsoft Defender
API method
### Security Solution
- Add error handling to the calls made to a Connector's `.execute()` and
throws a more detailed error message
- Added logic to the Agent Status client for MS Defender to calculate
the agent's Isolated status by querying for Machine Actions
- Note: Due to API rate limits, which I believe may be associated with
the current Microsoft Defender test environment we are using, the agent
status in kibana (ex. Alert flyout, console) may flip to `Unenrolled`
periodically