## Summary
Main ticket ([Internal
link](https://github.com/elastic/security-team/issues/10142))
With these changes we make sure that we return attack discovery fields
reformatted to a nice markdown text. We already format discovery details
when we create a new Case and add markdown comment to it.
### To Test
1. Create attack discovery schedule
2. Add an action to the schedule (email, slack etc.)
3. Select `For each alert > Per rule run` action frequency
4. Update subject, body or other fields of the connector to include
discovery details through the context variables
5. Wait until the action is triggered and check the received message
### Example of the email connector fields
**Subject**:
```
{{context.attack.title}}
```
**Message**:
```
{{{context.attack.detailsMarkdown}}}
{{{context.attack.detailsUrl}}}
```
<img width="665" alt="Screenshot 2025-06-25 at 18 05 30"
src="https://github.com/user-attachments/assets/71b2e02b-0437-4486-a584-108bec4d477f"
/>
which will result in an email similar to this one
<img width="1125" alt="Screenshot 2025-06-25 at 17 54 32"
src="https://github.com/user-attachments/assets/fefe60f0-e560-4288-9ec8-d1d444feb950"
/>
## NOTES
The feature is hidden behind the feature flag (in `kibana.dev.yml`):
```
feature_flags.overrides:
securitySolution.attackDiscoveryAlertsEnabled: true
securitySolution.assistantAttackDiscoverySchedulingEnabled: true
```
## Summary
Part of https://github.com/elastic/kibana-team/issues/1503
This PR is mostly about moving tests from x-pack/test/
Before:
```
x-pack/test/
| - reporting_api_integration/
| - reporting_functional/
```
After:
```
x-pack/platform/test/
| - reporting_api_integration/
| - reporting_functional/
```
Few page objects, required by functional tests, were relocated as well
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Closes https://github.com/elastic/kibana/issues/218433
This change adds more descriptive error messages inside telemetry events
in the auto detect onboarding flow. The extended error message be shown
to the user as well.
* New telemetry event for the case when user is not running the script
as `root`
* If Agent fails to download, bot the original error from `curl` and the
download URL will be logged
* If Agent fails to extract, error message from `tar` command will be
logged
* If Agent fails to install, error message from `elastic-agent install`
command will be logged
* Error response from the integrations install endpoint will be logged
Example telemetry event:
Example terminal output:
## How to test
In order to simulate errors for all scenarios, you going to need to
modify the `auto_detect.sh` script to make it intentionally fail, like
adding extra character to the EA download URL. You can modify it
directly in the source if you're running Kibana locally, or you can
modify it after it was downloaded and before running it.
To test just one use-case without the script manipulations, you can
modify the EA download URL inside the code snippet provided by Kibana.
**Whatever way you choose, still go though the flow and make sure the
successful path works as expected.**
You can check the telemetry events emitted from the flow on [the staging
telemetry
cluster](https://telemetry-v2-staging.elastic.dev/s/observability-ux/app/discover#/?_g=(filters:!(),refreshInterval:(pause:!t,value:60000),time:(from:now-24h%2Fh,to:now))&_a=(columns:!(),dataSource:(dataViewId:b4befdd3-9a15-40c2-be4d-3ac1084d6182,type:dataView),filters:!(),interval:auto,query:(language:kuery,query:'event_type%20:%20%22observability_onboarding%22'),sort:!(!('@timestamp',desc)))),
but keep in mind that events delivered there with a delay of a couple of
hours 😢
---------
Co-authored-by: Joe Reuter <johannes.reuter@elastic.co>
## Summary
Bug description (also the bug video below):
The bug occurred in the Customize Panel Editor, where the
PanelTitle—even when matching the defaultTitle from the central Saved
Object—was not always properly synchronized with that object. This led
to situations where the title was incorrectly stored as a custom
override, breaking the link to the saved object. There were two specific
cases where this happened:
Adding a panel from the library, then opening Customize Panel and
clicking Apply without making changes
After adding a panel from the library, the user opens the Customize
Panel Editor via the settings icon. Without making any changes to the
title, they exit the editor by clicking the Apply button instead of the
close icon. This causes the defaultTitle to be unnecessarily written
into the title field of the API object, which then treats it as a custom
title—breaking future synchronization with the saved object.
Resetting the title to default after a change
The user changes the panel title in the Customize Panel Editor and
clicks Apply. Later, they reopen the editor and click Reset to default.
This correctly restores the title from the central saved object, but it
is again written into the title field of the API object. Although the
value matches the current defaultTitle, it is now treated as custom. If
the central title changes later, the panel title will no longer
update—breaking synchronization again.
Fix:
The logic was updated to correctly detect when the panel title matches
the defaultTitle. In such cases, it clears the title field in the API
(by setting it to undefined) to indicate that the panel should inherit
the title from the saved object. This ensures proper synchronization:
any future updates to the saved object's title will be reflected
automatically in the panel.
Closes#188858
Below the bug video:
https://github.com/user-attachments/assets/f784679c-8eaa-47b4-942d-e3802faee076
## Summary
The bug: A field with the expected name `user.name.keyword` but with the
wrong mapping was returned.
How to fix it? `fieldCaps` was returning unmapped mixed with mapped
fields. This change forces the API to return the `fields` property with
a list of all indices matching `user.name.keyword`.
More information on [this
slack](https://elastic.slack.com/archives/C0D8ST60Y/p1750661564933609) 🧵
### How to test it?
* Create an index with the correct mapping
```
PUT /test-index1
{
"mappings": {
"properties": {
"user.name.keyword": {
"type": "text"
}
}
}
}
```
* Create an index with the wrong mapping
```
PUT /test-index2
{
"mappings": {
"properties": {
"user.name.keyword": {
"type": "text"
}
}
}
}
```
* Go to the manage data sources page
* Only `test-index1` should be returned
## Summary
Fix the FORK removal logic to insert the branch in the correct position
when only one FORK branch is valid.
### How to reproduce it
* Start empty kibana
* Generate data with resolve_generator `node
x-pack/solutions/security/plugins/security_solution/scripts/endpoint/resolver_generator.js`
* Go to "Privileged user monitoring" page and add some privileged users
* On the Dashboard page, scroll down to "Privileged user activity" and
click the "Authentications" tab
* It should display "No results found" instead of an error
### Before fix
### After fix
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
Coming from the conversation from here:
https://github.com/elastic/kibana/pull/225339#discussion_r2167248942 and
a proposal from @akowalska622, we noticed that the useMemoCss doesn't
catch the keys of the css object. This fixes it.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Skips the Dataset Quality API integration test suite which
depends on reading Failure Store index privileges. Because when this
test suite runs in Kibana 8.19 against ES 9.0 in a forward compatibility
test runs, it raises the error:
```bash
[00:04:43] │ proc [kibana] [2025-06-25T05:40:33.223+00:00][WARN ][http.server.kbn-internal-api-restricted] Access to uri [/internal/dataset_quality/data_streams/logs-synth.fs-default/details] with method [get] is deprecated {"service":{"node":{"roles":["background_tasks","ui"]}}}
[00:04:43] │ proc [kibana] [2025-06-25T05:40:33.252+00:00][ERROR][plugins.datasetQuality] illegal_argument_exception
[00:04:43] │ proc [kibana] Root causes:
[00:04:43] │ proc [kibana] illegal_argument_exception: unknown index privilege [read_failure_store]. a privilege must be either one of the predefined fixed indices privileges [all,auto_configure,create,create_doc,create_index,cross_cluster_replication,cross_cluster_replication_internal,delete,delete_index,index,maintenance,manage,manage_data_stream_lifecycle,manage_follow_index,manage_ilm,manage_leader_index,monitor,none,read,read_cross_cluster,view_index_metadata,write] or a pattern over one of the available index actions {"service":{"node":{"roles":["background_tasks","ui"]}}}
[00:04:43] │ proc [kibana] [2025-06-25T05:40:33.291+00:00][WARN ][http.server.kbn-internal-api-restricted] Access to uri [/internal/dataset_quality/data_streams/logs-synth.no-default/details] with method [get] is deprecated {"service":{"node":{"roles":["background_tasks","ui"]}}}
[00:04:43] │ proc [kibana] [2025-06-25T05:40:33.305+00:00][ERROR][plugins.datasetQuality] illegal_argument_exception
```
This happens because the test accesses endpoint
`data_stream/{index}/details` which inquire user's index privileges
including `read_failure_store`, which is not available in **ES 9.0** as
`ES 9.0` does not support Failure Store.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## 📓 Summary
Closes https://github.com/elastic/observability-dev/issues/4511
Apply the following restrictions based on the serverless project tier:
- Grok patterns suggestions (only available on complete tier)
- Restrict suggestions API
- Restrict UI control to generate suggestions
- Date formats suggestions (only available on complete tier)
- Restrict suggestions API
- Restrict UI control to generate suggestions
- Restrict autocomplete
- Significant events (only available on complete tier)
- Restrict read API
- Last restrictions to be applied when [[Streams] Significant events
view](https://github.com/elastic/kibana/pull/220197#top) is merged.
**N.B.** All the above restrictions are only applied to Serverless
Observability projects on the Logs Essentials tier.
## 🧪 How To Test
* Modify `config/serverless.oblt.dev.yml` to include:
```yaml
pricing.tiers.products:
- name: observability
tier: logs_essentials
```
* Run Kibana locally
* In a stream detail view, go to management and try creating a grok
processor or a date one.
* It should NOT display the patterns generation button, nor it should
autocomplete the date processor formats and show its generate button.
Additionally, switch back to `tier: complete` in
`config/serverless.oblt.dev.yml` and make sure that ML/AI assisted flows
look as usual.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [diff](https://redirect.github.com/kpdecker/jsdiff) | dependencies |
patch | [`^8.0.1` ->
`^8.0.2`](https://renovatebot.com/diffs/npm/diff/8.0.1/8.0.2) |
---
### Release Notes
<details>
<summary>kpdecker/jsdiff (diff)</summary>
###
[`v8.0.2`](https://redirect.github.com/kpdecker/jsdiff/blob/HEAD/release-notes.md#802)
[Compare
Source](https://redirect.github.com/kpdecker/jsdiff/compare/v8.0.1...v8.0.2)
- [#​616](https://redirect.github.com/kpdecker/jsdiff/pull/616)
**Restored compatibility of `diffSentences` with old Safari versions.**
This was broken in 8.0.0 by the introduction of a regex with a
[lookbehind
assertion](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Regular_expressions/Lookbehind_assertion);
these weren't supported in Safari prior to version 16.4.
- [#​612](https://redirect.github.com/kpdecker/jsdiff/pull/612)
**Improved tree shakeability** by marking the built CJS and ESM packages
with `sideEffects: false`.
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOkRhdGFEaXNjb3ZlcnkiLCJiYWNrcG9ydDphbGwtb3BlbiIsInJlbGVhc2Vfbm90ZTpza2lwIl19-->
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: Davis McPhee <davis.mcphee@elastic.co>
## Summary
This PR splits out a separate class from `DiscoverEBTManager` called
`ScopedDiscoverEBTManager`, similar to #216488, in order to better
support EBT tracking across tabs.
The profiles tracking in EBT events is a bit convoluted, and ideally
we'd be able to fully isolate the scoped managers, but our use of the
global EBT context observable makes that infeasible since it's a
singleton. If we simply updated the profiles in the EBT context when
switching tabs, it could result in the wrong profiles being tracked for
events fired asynchronously, e.g.:
- Starting from tab A, create a new tab B.
- Switch to tab B (which updates the EBT context with tab B's profiles)
and trigger a long running search.
- While the search is still running, switch back to tab A (updating the
EBT context back to tab A's profiles).
- Tab B's search completes while tab A is active, and the EBT context
for tab B's `discoverFetchAll` event incorrectly contains tab A's
profiles, since they were set when switching back to tab A.
This is solved by keeping track of the active scoped manager in the root
EBT manager, and temporarily updating the EBT context profiles when
firing events from inactive tabs, which seems to be reliable to prevent
leaking across tabs from my testing.
Since I'm using the same "scoped" service approach used for context
awareness across tabs, I've removed the dedicated
`ScopedProfilesManagerProvider` and replaced it with a general purpose
`ScopedServicesProvider` that can be used for all of these types of
services.
Unfortunately while Git recognized that certain files were just moved
and modified (e.g. `discover_ebt_manager.test.ts`), GitHub is displaying
them as entirely new files. To make it easier to review the actual file
changes, open the "Changes from X commits" dropdown and select from the
first commit to "Update unit tests", which will correctly display the
changes before the files were moved (they weren't modified after this
commit).
Resolves#223943.
### Checklist
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Closes https://github.com/elastic/kibana/issues/225344https://github.com/elastic/kibana/pull/223149 moved dynamic action
injection/extraction from dashboard to embeddables.
https://github.com/elastic/kibana/pull/223149 muffed the implementation
for the lens embeddable and failed to spread dynamicActionsState and
dynamicActionsReferences into serialized state for by-value panels.
This PR resolve the issue by spreading dynamicActionsState and
dynamicActionsReferences with lens state for by-value panels.
After applying fix, dashboard saved object should contain drilldown
reference and enhancements state should no longer contain hard coded
`dashboardId`.
```
{
"attributes": {
"panelsJSON": "[{\"type\":\"lens\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"63700c7c-13e2-4aa2-8a58-7d2c19c42b34\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Go to Dashboard\",\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":true}}}]}},\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"filters\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"90943e30-9a47-11e8-b64d-95841ca0b247\",\"name\":\"indexpattern-datasource-layer-5374d213-dba0-47d7-b4f2-9226d08a35cc\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"Linear\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"5374d213-dba0-47d7-b4f2-9226d08a35cc\",\"accessors\":[\"d1180bfd-63e2-437e-a027-faa0face26ff\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"colorMapping\":{\"assignments\":[],\"specialAssignments\":[{\"rules\":[{\"type\":\"other\"}],\"color\":{\"type\":\"loop\"},\"touched\":false}],\"paletteId\":\"default\",\"colorMode\":{\"type\":\"categorical\"}},\"xAccessor\":\"dc975f9c-772f-4fc1-bc1e-70339f2c5906\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5374d213-dba0-47d7-b4f2-9226d08a35cc\":{\"columns\":{\"dc975f9c-772f-4fc1-bc1e-70339f2c5906\":{\"label\":\"Top 5 values of machine.os.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"machine.os.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"d1180bfd-63e2-437e-a027-faa0face26ff\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"d1180bfd-63e2-437e-a027-faa0face26ff\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"dc975f9c-772f-4fc1-bc1e-70339f2c5906\",\"d1180bfd-63e2-437e-a027-faa0face26ff\"],\"incompleteColumns\":{},\"sampling\":1}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}}},\"panelIndex\":\"74c07c77-979f-4fd9-8b07-889f4a93f9e0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"74c07c77-979f-4fd9-8b07-889f4a93f9e0\"}}]",
},
"references": [
{
"type": "index-pattern",
"id": "90943e30-9a47-11e8-b64d-95841ca0b247",
"name": "74c07c77-979f-4fd9-8b07-889f4a93f9e0:indexpattern-datasource-layer-5374d213-dba0-47d7-b4f2-9226d08a35cc"
},
{
"name": "74c07c77-979f-4fd9-8b07-889f4a93f9e0:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:63700c7c-13e2-4aa2-8a58-7d2c19c42b34:dashboardId",
"type": "dashboard",
"id": "edf84fe0-e1a0-11e7-b6d5-4dc382ef7f5b"
}
],
}
```
## Summary
This adds basic Lens CRUD api routes using the Content Management
system.
| Operation | URI |
|--------|--------|
| Create | `POST api/lens/visualizations` |
| Get | `GET api/lens/visualizations/{id}` |
| Search | `GET api/lens/visualizations?query=test` |
| Update | `PUT api/lens/visualizations/{id}` |
| Delete | `DELETE api/lens/visualizations/{id}` |
### Changes to Lens Content Management
The custom `update` method uses `soClient.create` under the hood for
reasons (i.e. #160116). However, doing this acts as an update or create
method with the provided `id`. I changed this behavior so now any update
where the id is not found will return a `404` error.
Closes#221941Closes#221942 - OpenAPI docs auto generate from route schema
### Testing
You can testing this locally in kibana dev console like so...
```
GET kbn:/api/lens/visualizations/<id>?apiVersion=1
```
> The `apiVersion` query param is needed to test `internal` api routes.
## Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Marco Vettorello <marco.vettorello@elastic.co>
## Summary
Endpoint Exception ALL privilege got lost, because the original
migration (PR: https://github.com/elastic/kibana/pull/219566) did this:
- for `siem:ALL` or `siemV2:ALL`:
- it adds the new `global_artifact_management_all`, because `siemVX` all
meant that user can write Endpoint Exceptions
- and: it changed `siemVX:ALL` to `siemVX:MINIMAL_ALL`, in order to
enabled the sub-features toggle, so it is visible to the user that they
are granted a new sub-privilege
and the issue: Endpoint Exceptions are not included in
`siemVX:MINIMAL_ALL`, and thanks to this the user lost their access to
Endpoint Exceptions.
this PR solves this issue.
### visualization
with this change, the `siem/siemV2:ALL` -> `siemV3` migration graph now
looks like this:
```mermaid
flowchart LR
classDef serverless stroke:blue,stroke-dasharray: 5 5
subgraph siemV2[siem/siemV2]
all1[all]
end
subgraph siemV3
subgraph minall2[minimal_all]
g1[global_artifact_management_all]
eea["`endpoint_exceptions_all
(only serverless)`"]:::serverless
end
end
all1 -->|keep access to the included Endpoint Exceptions ALL| g1
all1 -->|enable sub-feature toggle| minall2
all1 -->|keep access to EE ALL, as it WAS included in ALL. only serverless| eea
linkStyle 2 stroke:#00f,color:blue
```
see the previous ones here:
https://github.com/elastic/kibana/pull/219566
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
Part of https://github.com/elastic/kibana-team/issues/1503
This PR is mostly about moving tests from
x-pack/test/cases_api_integration and updating related imports
Before:
```
x-pack/test/
| - cases_api_integration/
```
After:
```
x-pack/platform/test/
| - cases_api_integration/
x-pack/solutions/security/test/
| - cases_api_integration/
```
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
- Part of #213293
- Adds infrastructure for a new pipeline: `kibana / renovate helper`
- The pipeline and scripts are currently a no-op and will be finalized
and tested in a follow up PR against the provisioned pipeline.
## Plan
The goal is to automatically run a script when Renovate opens a PR to
dedupe and perform any other actions, then trigger the Kibana PR
pipeline. This can also be performed by commenting `buildkite run
renovate helper` in the instances where the PR has been rebased by
Renovate.
Additionally, this pipeline will trigger the Kibana PR pipeline
automatically for Renovate PRs when the commit author is not Renovate
bot. Currently a developer has to comment every time they want CI to run
on Renovate PRs. This will improve DX when merging upstream, debugging
the dep upgrade and auto-commits by `kibanamachine`.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Adapted cypress tests to:
- Run cypress tests within the Threat Hunting Investigations team bundle
in the CI.
- Fixed failing onboarding test.
- Added test cases for migration rename functionality to the onboarding
test.
## Screenshots
Fixes#218255 and #213784
## Summary
This PR fixes flaky test in Console responsible for opening
documentation with keyboard shortcut by checking if the opened tab
contains `www.elastic.co/docs`.
## Summary
In [this PR](https://github.com/elastic/kibana/pull/222827) we added
support of Cases action for Attack Discovery Schedules.
Now we would like to increase a "max opened cases" limit which defaults
to `5` right now and can be set maximum to `10`. In case with attack
discoveries it is highly expected to have more generated alerts and thus
we would like to bump the max number of opened cases to `20`.
## NOTES
The attack discovery scheduling and alerts history features are hidden
behind these feature flags (in `kibana.dev.yml`):
```
feature_flags.overrides:
securitySolution.attackDiscoveryAlertsEnabled: true
securitySolution.assistantAttackDiscoverySchedulingEnabled: true
```
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| docker.elastic.co/wolfi/chainguard-base-fips | digest | `d55453a` ->
`7f2cebd` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOk9wZXJhdGlvbnMiLCJiYWNrcG9ydDpza2lwIiwiY2k6YnVpbGQtZG9ja2VyLWZpcHMiLCJyZWxlYXNlX25vdGU6c2tpcCJdfQ==-->
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: Jon <jon@elastic.co>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| docker.elastic.co/wolfi/chainguard-base | digest | `fdfd7f3` ->
`a02075b` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOk9wZXJhdGlvbnMiLCJiYWNrcG9ydDpza2lwIiwicmVsZWFzZV9ub3RlOnNraXAiXX0=-->
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: Jon <jon@elastic.co>
