## Summary
This PR should change nothing functionally, but changes the selectors
used in components for sourcerer to make use of createSelector and
benefit from memoization at all times,
## Summary
This PR enables the overview tab and left section insights for a generic
event. When a user goes to the `host` or `user` page and expands details for an
event, in addition to the table and JSON tabs, they now have access to:
- Overview tab on the right section, which provides a description of the
event kind or event category (detail logic linked in comment), key
insights such as highlighted fields, entities, prevalence and
visualization previews (if available)
- Expanded details that include entities details and prevalence details
Many sections are shared by the alert details flyout, with which we are
hoping to provide a unified experience when a user opens the details
flyout.
#### When overview and expanded sections are enabled ####
- Ideally `event.kind` and `event.category` should be ecs compliant,
meaning the field values are of `allowed_values` within [ecs
definition](https://www.elastic.co/guide/en/ecs/current/ecs-event.html).
- If the field is not ecs compliant, and it does not fit the criteria to
generate an event renderer, the overview tab and expanded sections are
hidden
#### Variations depending on event kind ####
There is a variation of the about section depending on `event.kind`:
- `event.kind == 'event'`
  - This is the most general and common event document, hence we provide
    details at the `event.category` level.
  - The title is also dynamic based on the category type (i.e. if
    `event.category` is process, the `process.name` is displayed)
- `event.kind != 'event'`
  - These are events that are not as common/general as `event` so we are
    providing description at the `event.kind` level
  - The title matches the `event.kind` field
  - `event.category` is included as a list of categories present for the
    document
#### How to test ####
- Enable feature flag `expandableEventFlyoutEnabled`
- Generate some event data (the resolver generate data script is
sufficient to test the main logic; to get the event renderer to show up,
see comment on feeding additional data). Alternatively, auditbeat and
filebeat also feed event data.
- Go to Explore -> Host -> Events table -> expand event details
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Closes: https://github.com/elastic/security-team/issues/8566
Closes: https://github.com/elastic/security-team/issues/8569
## Description
The `<RuleSwitch />` component is currently flagged by the axe browser
plugin for lacking text or an accessible label in its button switch.
This pull request introduces support for the addition of the
`aria-label` attribute to address this issue. Additionally, adjustments
are made in two instances where this component is utilized within the
codebase.
## Screens
### Axe report

### A11y label

## Summary
This PR reverts most of the changes done in #176228 :
- Reverts changes to Connectors so that the Badge displayed for
SentinelOne is again showing "Technical Preview"
- Changes the badge displayed on the Host Isolation flyout and Responder
for SentinelOne host to "Technical Preview"
- Fixes #177337
In addition, the following issue was also addressed:
- Corrected `i18n` definition for response action log history ( Fixes
#177185 )
_____________
### Host isolation flyout
### Responder
### Connector
## Summary
This fixes:
SDH issue **882**
https://github.com/elastic/kibana/issues/173627
### Before the fix
Note how the field actually displays an alias instead of the value. This
is due to some fallback behavior I think.

### After the fix

The missing bit was the actual value to display as it was not passed
down correctly from the parent context
### How to test this?
1. create custom index and populate it with data
```
PUT test

POST test/_doc
{
  "user.id": "888",
  "@timestamp": "2024-02-21T15:20:10.084Z"
}
```
2. create threshold rule looking like this:

3. actual value that triggered the alert should be rendered in the
highlighted fields panel in the flyout
Closes #176403
## Summary
This PR adds a filter for the `event.module` to be `system` because the
Hosts View is only compatible with the metrics-system indices - I added
a
[comment](https://github.com/elastic/kibana/issues/176403#issuecomment-1954232722)
to explain the change in the query. It adds infra client as part of the
synthtrace and a scenario to test the change
## Testing
- Use the new synthtrace scenario: `node scripts/synthtrace --clean
infra_hosts_with_apm_hosts.ts`
- By default there should be `10` hosts visible on the host view and 3
separate services in APM (the APM hosts should not be visible)
- The scenario can be used with different numbers of services/hosts for
example:
`node scripts/synthtrace --clean --scenarioOpts.numServices=5
--scenarioOpts.numHosts=5 infra_hosts_with_apm_hosts.ts`
- 5 hosts shown on Infrastructure > Hosts (the APM hosts should not be
visible)

- 5 services shown on APM > Services

- Use remote cluster (with APM)
- The hosts with `0` metrics coming from APM should not be visible:
## Summary
This fixes a serverless connector configuration bug where it moves too
quickly, and adds an API key and config yml panel to the connector
config page that exists after it's been configured.
Resolves #173713
## Summary
This PR adds group by filters to the view in the app URL for the custom
threshold rule:

I also moved some types to the common folder and adjusted them to match
the reality.
## 🧪 How to test
- Create a custom threshold rule with group by
  - One with persisted data view
  - One with an ad-hoc data view
- Check the view in app link in the alerts table, you should also see
the group filters there.
- Check the view in app URL from the actions, it should also include the
group filters.
Fix https://github.com/elastic/kibana/issues/176668
## Summary
After a switch to model versions, saved object registrations are blocked
if any schema for a higher version is declared when not coupled with a
model version.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Updated the console route `/api/console/es_config` to default to the
`cloud.elasticsearchUrl` if it's available vs reading the first host
value from the legacy config. This will ensure that when a user uses the
"copy as cURL" in the console the host will default to the cloud URL.
### Checklist
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
This PR separates the reporting api client and the reporting share
plugin out of the reporting plugin. As a result, Jobs had to be taken
out of the plugin as well. This is work that will benefit the share
modal redesign epic by isolating the reporting share plugin code.
The share code is added to the @kbn/reporting-public package.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Timothy Sullivan <tsullivan@elastic.co>
## Summary
PR implements changes to the new Response Actions Client (server side)
so that it also supports use of these clients for Automated Response
actions. Changes include:
- Change base class for response action clients so that it accepts a new
constructor argument: `isAutomated`
- Adds an additional (optional) argument to each of the response action
methods for allowing use from automated response actions
- Additional validations are now performed when
`writeActionRequestToEndpointIndex()` is called
- Endpoint Response Actions Client: Remove use of `createAction()`
(prior service - which will be deleted) and handle creation of response
actions in the class itself
- Changed detection engine processing of automated response actions so
that it uses the new Response Actions Client classes
> [!NOTE]
> There will be a subsequent PR created to remove modules that are no
longer needed now that all response actions are being processed by the
new Response Actions Client framework.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
Close https://github.com/elastic/kibana/issues/176536
Close https://github.com/elastic/kibana/issues/176742
### Links to legacy visualization editors are once again disabled
### A better message in the inspector
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
closes [144387](https://github.com/elastic/kibana/issues/144387)
## Summary
This PR changes the Waffle context providers usage, so that they
are only used in the Inventory UI page. Therefore, it removes the
`waffleTime`, `waffleOptions` and `waffleFilters` query parameters from
other Infrastructure pages:
Hosts View route example:
**Before**
```
https://edge-oblt.kb.us-west2.gcp.elastic-cloud.com/app/metrics/hosts?
waffleFilter=(expression:%27%27,kind:kuery)&
waffleTime=(currentTime:1708347453400,isAutoReloading:!f)&
waffleOptions=(accountId:%27%27,autoBounds:!t,boundsOverride:(max:1,min:0),customMetrics:!(),customOptions:!(),groupBy:!(),legend:(palette:cool,reverseColors:!f,steps:10),metric:(type:cpu),nodeType:host,region:%27%27,sort:(by:name,direction:desc),source:default,timelineOpen:!f,view:map)&
_a=(dateRange:(from:now-15m,to:now),filters:!(),limit:500,panelFilters:!(),query:(language:kuery,query:%27%27))&
controlPanels=(cloud.provider:(explicitInput:(fieldName:cloud.provider,id:cloud.provider,title:%27Cloud%20Provider%27),grow:!f,order:1,type:optionsListControl,width:medium),host.os.name:(explicitInput:(fieldName:host.os.name,id:host.os.name,title:%27Operating%20System%27),grow:!f,order:0,type:optionsListControl,width:medium),service.name:(explicitInput:(fieldName:service.name,id:service.name,title:%27Service%20Name%27),grow:!f,order:2,type:optionsListControl,width:medium))
```
**Now**
```
http://localhost:5601/ftw/app/metrics/hosts?
_a=(dateRange:(from:now-15m,to:now),filters:!(),limit:100,panelFilters:!(),query:(language:kuery,query:%27%27))&
controlPanels=(cloud.provider:(explicitInput:(fieldName:cloud.provider,id:cloud.provider,title:%27Cloud%20Provider%27),grow:!f,order:1,type:optionsListControl,width:medium),host.os.name:(explicitInput:(fieldName:host.os.name,id:host.os.name,title:%27Operating%20System%27),grow:!f,order:0,type:optionsListControl,width:medium),service.name:(explicitInput:(fieldName:service.name,id:service.name,title:%27Service%20Name%27),grow:!f,order:2,type:optionsListControl,width:medium))
```
**NOTE**: I had to refactor some alerting components because they were
depending on the `WaffleOptions` context to retrieve some properties
that are only relevant within the Inventory UI context
### How to test
- Start a local Kibana instance
- Navigate to the pages below and confirm that they work. `waffle` query
variables only exist in the Inventory UI
  - Inventory
    - Navigate to Pod details
    - Create and load Saved Views
    - Create Inventory and Metrics alerts
  - Metrics
    - Create and load Saved Views
    - Create Inventory and Metrics alerts
  - Hosts View
    - Navigate Hosts Details
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Closes: https://github.com/elastic/security-team/issues/8565
## Summary
The [axe browser plugin](https://deque.com/axe) has identified four
links without clear text. Upon inspecting the page, it was found that
the SVG icons associated with each rule type are labeled as `<a>` but with
a negative tabindex, rendering them inaccessible for keyboard
navigation. Additionally, these icons lack an accessible label.
To address this issue, the `<a>` tag for the SVG icons has been removed.
SVGs inherently possess the appropriate role and aria-hidden attributes,
designating them as decorative elements for assistive technology.
### Screen

### AXE Report
#### Before

#### After

## For discussion only
Alternatively I recommend to refactor LandingLinkIcon component to use
`EuiCard` to make it more EUI friendly e.g.
POC: [Alternative fix
for](69c9375192)
## Summary
Create flyout !!
Separate Flyout from the PR
https://github.com/elastic/kibana/pull/176024 to move ahead !!
Example usage [PR](https://github.com/elastic/kibana/pull/176024)
## Scenarios to test
### Default SLO creation (no UI change)
---------
Co-authored-by: Panagiota Mitsopoulou <giota85@gmail.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Fixes https://github.com/elastic/kibana/issues/172443,
https://github.com/elastic/kibana/issues/177430
This PR indexes `labels` without flattening in alert documents. Also,
updated `synthtrace` to generate data with `labels` where some documents
have label with string value and others have same label with an array of
string values.
### Alert with single value for the label
### Alert with an array of values for the label
### All active alerts are displayed in UI
### All recovered alerts have a proper reason message and `View in app`
link
### How to test
1. Generate data with `node scripts/synthtrace.js simple_trace --live`
2. Create APM Latency threshold/Failed transaction rate/Error count rule
3. Verify that both types of labels (with string, and with array of
strings) are able to correctly index in alert documents
4. Verify that all active alerts are displayed in UI
5. Verify that recovered alerts have proper reason message and `View in
app` link
## Summary
Fix https://github.com/elastic/kibana/issues/177138
- Add a `http.payloadTimeout` configuration option, to control the
payload timeout
- Set the default value for this option to `20s` (was `10s` previously)
Closes https://github.com/elastic/kibana/issues/176069
## Summary
This adds the logic to register a new Saved Object type to store custom
dashboards for Asset Details and adds endpoints to fetch and save custom
dashboards.
Changes highlights:
* Renamed the `enableInfrastructureHostsCustomDashboards` to
`enableInfrastructureAssetCustomDashboards` to make it more generic and
support additional asset types in the future
* Added a new Saved Object type
* Moved initialization of all Infra endpoints to plugin's `start`. This
is one of the points on [the BE tech debt
ticket](https://github.com/elastic/kibana/issues/175975). Having
endpoint initialization in `start` makes it more convenient to access
start dependencies which almost all endpoints require.
* Added `savedObjectClient` and `uiSettingsClient` to the custom request
context (also one of the ideas for endpoints improvement). Right now
infra endpoints use custom `libs` object with all dependencies required
for routes, the idea is to rely on the request context instead because
it is automatically available for every route handler and by default
includes some useful things like scoped service clients.
* Added a wrapper `handleRouteErrors` to avoid error handling
duplication which we now have in a few routes. In the future we could do
something similar right within `registerRoutes` framework function, but
this would require a bit of refactoring.
## How to Test
1. Toggle the UI setting off in Advanced Settings

2. Go to the Dev Tools and try the endpoints, both should respond with
403
```
GET kbn:api/infra/custom-dashboards/host

POST kbn:api/infra/custom-dashboards
{
  "assetType": "host",
  "dashboardIdList": ["0", "1"]
}
```
3. Toggle the UI setting on
4. Try the endpoints again, now they should work as expected
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Fixes https://github.com/elastic/kibana/issues/167572
- A new `SLO Error budget burn down` embeddable is added to the
Dashboard app
- A new `Attach to Dashboard` action is added to the Error budget burn
down chart in the SLO details page
- The selected SLO name is clickable and opens the SLO details page in a
Flyout
- The `Attach to Dashboard` action is hidden while on Dashboard app
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Closes https://github.com/elastic/kibana/issues/175418
This is as simple as removing the Tech Preview badge from the chart
switcher. Region maps were already part of our suggestions.
Although region map usage in Lens is quite low, we decided to move it to
GA. I have discussed it with @nreese asynchronously.
I ran the flaky test and they all passed.
There are still many tests skipped though. But I'll deal with them on
another PR.
Closes: https://github.com/elastic/security-team/issues/8578
## Description
The [axe browser plugin](https://deque.com/axe) is reporting the `Case
Detail` view has a custom select without an accessible name. This PR
addresses that issue and adds an `aria-label` attribute for the `Sort By` combobox
## Screens

The PR adds the Degraded Docs insights panel which shows the percentage
of degraded docs over time using Lens Embeddable.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>