Closes https://github.com/elastic/kibana/issues/159641
Implements `/assets/services` endpoint that returns service assets found
in the configured source (signals or assets indices). Consumer can
provide a `parent` query to filter the returned services. While the
_assets_ mode supports any kind of parent/depth thanks to its common
interface, the _signals_ mode only supports host parent for the moment.
1. pull this branch and point it at an oblt-cli created cluster that
uses cross-cluster search to read from the edge cluster
2. add the following[1] to your kibana.yml file
3. hit
`/api/asset-manager/assets/services?from=<from>&to=<to>&(parent=<host>)?`.
services should be returned. Add/remove parent query string to filter
services only running on specific host.
[1]
```
xpack.assetManager:
  alphaEnabled: true
  sourceIndices:
    metrics: remote_cluster:metricbeat*,remote_cluster:metrics-*
    logs: remote_cluster:filebeat*,remote_cluster:logs-*
    traces: remote_cluster:traces-*
    serviceMetrics: remote_cluster:metrics-apm*
    serviceLogs: remote_cluster:logs-apm*
  lockedSource: signals
```
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fixes: https://github.com/elastic/kibana/issues/163977
Fixes: https://github.com/elastic/kibana/issues/163568
These changes fix the issue with actions popover and the way we check
whether it is closed on rule's detail page.
The issue happens due to the fact that after we closed the popover we
should be testing `should('not.exist')` instead of
`should('not.be.visible')`.
## Summary
Specifying a `refresh_interval` below 5s is no longer allowed with es
serverless. This PR removes the explicit `refresh_interval` from the
session index.
Work done in https://github.com/elastic/kibana/pull/151800 makes
specifying a `refresh_interval` unnecessary.
## Flaky Test Runner
[Session Tests x50 ea](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/2932) 🟢
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
If an unhandled error occurs, it will break the diagnostics bundle. This
change will log errors and then swallow them.
This should go out in 8.10 since it is already affecting users.
## Summary
This PR cleans up how config settings are used as conditionals in the
Reporting plugin startup phase.
The existing code is correct, but it's heavily aligned to certain
business requirements that might not be understood by a reader.
The change in the PR uses simpler conditionals that are separated from
internal business decisions. The result should be clearer readability of
the code.
## Summary
This fixes a bug where Windows and Mac Blocklist file path entries
should be passed as case insensitive. This is because Mac and Windows
are caseless for most use cases.
Bug ticket: https://github.com/elastic/kibana/issues/158581
Here is how it will be displayed in the UI:
<img width="1728" alt="image"
src="a3006397-f49e-4de0-818d-94e2de20dba3">
Here is the breakdown of the artifacts after the fix:
Linux:
```
-------------------------------------------------------------------
Policy: Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-linux-v1
Relative URL: /api/fleet/artifacts/endpoint-blocklist-linux-v1/f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640
Encoded SHA256: a907835be40af89b8b7aa23a6efc66c01ceaa5a19622edd378139319f3ca5fa0
Decoded SHA256: f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640
-------------------------------------------------------------------
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "exact_cased_any",
          "value": [
            "/opt/bin/bin.exe"
          ]
        }
      ]
    }
  ]
}
```
Mac:
```
-------------------------------------------------------------------
Policy: Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-macos-v1
Relative URL: /api/fleet/artifacts/endpoint-blocklist-macos-v1/b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f
Encoded SHA256: 4f3e80d688f5cae4bf6a88b0704e37909f9fa4f47fe8325b7b154cddd46a2db9
Decoded SHA256: b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f
-------------------------------------------------------------------
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "exact_caseless_any",
          "value": [
            "/opt/exe.exe"
          ]
        }
      ]
    }
  ]
}
```
Windows:
```
-------------------------------------------------------------------
Policy: Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-windows-v1
Relative URL: /api/fleet/artifacts/endpoint-blocklist-windows-v1/2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac
Encoded SHA256: c6e045fce97651336eeb400f0123541475b940e3aa38ce721f299585683da288
Decoded SHA256: 2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac
-------------------------------------------------------------------
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "exact_caseless_any",
          "value": [
            "C:\\path\\path.exe"
          ]
        }
      ]
    }
  ]
}
```
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
We currently separate e2e tests into `power_user` tests and
`read_only_user` tests. We often want to test different permissions
within the same tests, so the distinction becomes a barrier rather than
a help. This PR removes the folders and combines all tests regardless of
which user they run as.
## Summary
Closes https://github.com/elastic/kibana/issues/164146
Changes the remaining TSVB panel to a by value Lens metric.
<img width="1652" alt="Screenshot 2023-08-17 at 6 10 06 PM"
src="538b4bfb-5066-4a93-a16c-4d748b29ea7c">
### How to test
Remove the ecommerce dataset and reinstall it
## Summary
Closes https://github.com/elastic/kibana/issues/163678
* Raise the notion of "internal" into `CoreKibanaRequest`. This enables
us to share this with lifecycle handlers and control validation of query
params
* Added new `isInternalRequest` alongside `isSystemRequest` and
`isFakeRequest`
* Slight simplification to existing internal restriction check
* Some other chores and minor fixes
## Test
* Start ES with `yarn es serverless` and Kibana with `yarn start
--serverless --server.restrictInternalApis=true`
* Add the service account token to `kibana.dev.yml`:
`elasticsearch.serviceAccountToken: <SAT>`
* Send a request to an internal endpoint like: `curl -XPOST
-uelastic:changeme http://localhost:5601/<base-path>/api/files/find -H
'kbn-xsrf: foo' -H 'content-type: application/json' -d '{}'`
* Should give you a 400 result
* message like `{"statusCode":400,"error":"Bad Request","message":"uri
[http://localhost:5603/api/files/find] with method [post] exists but is
not available with the current configuration"}`
* Send the same request, but include the query param:
`elasticInternalOrigin=true`
* Should give you a 200 result
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Generates an empty array when the PLI doesn't meet the requirement. It ends up
having empty fleet artifacts for those that cannot be generated.
It also adds new test cases.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Increase the stability of Osquery Cypress by stopping the installation
of Osquery on the Fleet server and creating another Agent policy and
enrolling another elastic agent instead
Closes https://github.com/elastic/kibana/issues/163614
PR resolves issue by only adding global time filter to CSV export body
when saved search embeddable does not have time range.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
> [!WARNING]
> Sorry, I had to recreate the PR https://github.com/elastic/kibana/pull/157241
> Please submit your review again.
- Closes https://github.com/elastic/kibana/issues/155019
Per docs
https://www.elastic.co/guide/en/elasticsearch/reference/current/paginate-search-results.html
<img width="851" alt="Screenshot 2023-05-10 at 10 25 20"
src="b4b9fef4-7dd8-40ed-8244-343889fc4367">
## Summary
1. This PR improves `search_after` pagination for `date_nanos` time
fields. `sort` value will be returned from ES as a string instead of a
rounded and incorrect timestamp. This change also allows us to simplify
the logic on the Surrounding document page.
Before:
<img width="400" alt="Screenshot 2023-05-08 at 17 36 19"
src="fd9f45c4-5dc2-4103-83b9-8810e3a6e0df">
After:
<img width="400" alt="Screenshot 2023-05-08 at 17 37 13"
src="fe9090c0-2116-4f77-9a57-a96ae6b00365">
2. Also in this PR we now allow users to load more documents within the
same time range. Once the button is pressed, it will load the next portion
of documents (same "sampleSize" value will be used). Currently, we limit
max total loaded documents to 10000.
"Load more" demo:

If refresh interval is on, the button becomes disabled:

Date nanos demo:

100x Flaky test runner
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/2801
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Removes a beta label from the "terminal output" feature in the linux
settings for the endpoint integration. The beta tag was previously
removed from the TTY player itself, but this spot was missed.
Also, this PR changes codeowners of session_view, kubernetes_security
and cloud_defend plugins to the **kibana-cloud-security-posture** team
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fixes https://github.com/elastic/kibana/issues/162618
There was an issue with setting pagination for the EUI table before
models are fetched. Providing a page index while the items count is 0
caused pagination to reset with an uninitialized URL state callback.
This PR adds a check to verify model list has been retrieved.
Also, the Kibana `_stats` endpoint has been updated to provide a `size`
parameter.
## Summary
Note: this is only the API changes, the UI element will follow.
Part of #162862
Add the ability to specify a `proxy_id` on a download source.
If an agent policy uses a download source with a `proxy_id`, then the
proxy url will be added to the policy like so:
`agent.download.proxy_url: <proxy_url>`.
Test cases automated:
- create a download source with a valid proxy_id
- create a download source with an invalid proxy_id
- update download source proxy_id
- update download_source proxy_id to null (remove proxy)
- updating a download source proxy bumps all policies using that
download source
- removing a download source proxy bumps all policies using that
download source
- updating the proxy url bumps all policies using a download source with
the proxy id set
- deleting the proxy bumps all policies using a download source with the
proxy id set to remove the proxy
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>