## Summary
This fixes a bug where Windows and Mac Blocklist file path entries
should be passed as case insensitive. This is because Mac and Windows
are caseless for most use cases.
Bug ticket: https://github.com/elastic/kibana/issues/158581
Here is how it will be displayed in the UI:
<img width="1728" alt="image"
src="a3006397-f49e-4de0-818d-94e2de20dba3">
Here is the breakdown of the artifacts after the fix:
Linux:
```
-------------------------------------------------------------------
Policy: Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-linux-v1
Relative URL: /api/fleet/artifacts/endpoint-blocklist-linux-v1/f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640
Encoded SHA256: a907835be40af89b8b7aa23a6efc66c01ceaa5a19622edd378139319f3ca5fa0
Decoded SHA256: f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640
-------------------------------------------------------------------
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "exact_cased_any",
          "value": [
            "/opt/bin/bin.exe"
          ]
        }
      ]
    }
  ]
}
```
Mac:
```
-------------------------------------------------------------------
Policy: Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-macos-v1
Relative URL: /api/fleet/artifacts/endpoint-blocklist-macos-v1/b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f
Encoded SHA256: 4f3e80d688f5cae4bf6a88b0704e37909f9fa4f47fe8325b7b154cddd46a2db9
Decoded SHA256: b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f
-------------------------------------------------------------------
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "exact_caseless_any",
          "value": [
            "/opt/exe.exe"
          ]
        }
      ]
    }
  ]
}
```
Windows:
```
-------------------------------------------------------------------
Policy: Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-windows-v1
Relative URL: /api/fleet/artifacts/endpoint-blocklist-windows-v1/2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac
Encoded SHA256: c6e045fce97651336eeb400f0123541475b940e3aa38ce721f299585683da288
Decoded SHA256: 2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac
-------------------------------------------------------------------
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "exact_caseless_any",
          "value": [
            "C:\\path\\path.exe"
          ]
        }
      ]
    }
  ]
}
```
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
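An added illustration of how the two entry types in the artifacts above behave when a listed path is observed with different letter casing; it is not Kibana or Elastic Endpoint code. The names `buildFilePathEntry`, `entryMatches` and `blocklistDemo` are hypothetical, and treating "caseless" as a lower-cased string comparison is an assumption.

```javascript
// Added illustration, not Kibana or Elastic Endpoint code.
// Entry type names come from the artifacts above; the helper names and the
// lower-casing used for "caseless" comparison are assumptions.
const CASELESS_OS = new Set(['windows', 'macos']);

// Build the artifact entry for a blocklist file.path condition on one OS.
function buildFilePathEntry(os, paths) {
  return {
    field: 'file.path',
    operator: 'included',
    type: CASELESS_OS.has(os) ? 'exact_caseless_any' : 'exact_cased_any',
    value: [...paths],
  };
}

// Decide whether an observed path matches any value of the entry.
function entryMatches(entry, observedPath) {
  switch (entry.type) {
    case 'exact_cased_any':
      return entry.value.includes(observedPath);
    case 'exact_caseless_any': {
      const needle = observedPath.toLowerCase();
      return entry.value.some((v) => v.toLowerCase() === needle);
    }
    default:
      throw new Error(`unsupported entry type: ${entry.type}`);
  }
}

// Constructed sample: the listed paths from the artifacts above, each
// observed on the host with different letter casing.
function blocklistDemo() {
  const cases = [
    ['linux', '/opt/bin/bin.exe', '/opt/bin/BIN.exe'],
    ['macos', '/opt/exe.exe', '/OPT/Exe.exe'],
    ['windows', 'C:\\path\\path.exe', 'c:\\PATH\\Path.EXE'],
  ];
  return cases.map(([os, listed, observed]) => {
    const entry = buildFilePathEntry(os, [listed]);
    return { os, type: entry.type, blocked: entryMatches(entry, observed) };
  });
}

console.table(blocklistDemo());
```

A Windows or macOS entry emitted as `exact_cased_any` would miss the differently cased path, which is the gap the fix closes.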
We currently separate e2e tests into `power_user` tests and
`read_only_user` tests. We often want to test different permissions
within the same tests, so the distinction becomes a barrier rather than
a help. This PR removes the folders and combines all tests regardless of
which user they run as.
## Summary
Closes https://github.com/elastic/kibana/issues/164146
Changes the remaining TSVB panel to a by value Lens metric.
<img width="1652" alt="Screenshot 2023-08-17 at 6 10 06 PM"
src="538b4bfb-5066-4a93-a16c-4d748b29ea7c">
### How to test
Remove the ecommerce dataset and reinstall it
## Summary
Closes https://github.com/elastic/kibana/issues/163678
* Raise the notion of "internal" into `CoreKibanaRequest`. This enables
us to share this with lifecycle handlers and control validation of query
params
* Added new `isInternalRequest` alongside `isSystemRequest` and
`isFakeRequest`
* Slight simplification to existing internal restriction check
* Some other chores and minor fixes
## Test
* Start ES with `yarn es serverless` and Kibana with `yarn start
--serverless --server.restrictInternalApis=true`
* Add the service account token to `kibana.dev.yml`:
`elasticsearch.serviceAccountToken: <SAT>`
* Send a request to an internal endpoint like: `curl -XPOST
-uelastic:changeme http://localhost:5601/<base-path>/api/files/find -H
'kbn-xsrf: foo' -H 'content-type: application/json' -d '{}'`
* Should give you a 400 result
* message like `{"statusCode":400,"error":"Bad Request","message":"uri
[http://localhost:5603/api/files/find] with method [post] exists but is
not available with the current configuration"}`
* Send the same request, but include the query param:
`elasticInternalOrigin=true`
* Should give you a 200 result
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
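The outcomes listed in the test steps above, written as a small added model; this is not Kibana source. The route table, `handleRequest`, `hasInternalOrigin` and `internalApiDemo` are hypothetical, and only the `elasticInternalOrigin` query parameter named in the steps is modelled.

```javascript
// Added model of the behaviour in the test steps above, not Kibana source.
// The route table and all function names here are hypothetical.
const ROUTES = [
  { method: 'post', path: '/api/files/find', access: 'internal' },
  { method: 'get', path: '/api/status', access: 'public' },
];

// True only when the query string carries elasticInternalOrigin=true.
function hasInternalOrigin(url) {
  return url.searchParams.get('elasticInternalOrigin') === 'true';
}

// Apply the internal-API restriction before dispatching to a route.
function handleRequest(config, method, rawUrl) {
  const url = new URL(rawUrl);
  const verb = method.toLowerCase();
  const route = ROUTES.find((r) => r.method === verb && r.path === url.pathname);
  if (!route) return { statusCode: 404, error: 'Not Found' };

  const restricted =
    config.restrictInternalApis && route.access === 'internal' && !hasInternalOrigin(url);
  if (restricted) {
    return {
      statusCode: 400,
      error: 'Bad Request',
      message: `uri [${url.origin}${url.pathname}] with method [${verb}] exists but is not available with the current configuration`,
    };
  }
  return { statusCode: 200 };
}

// Constructed requests mirroring the curl calls in the test steps.
function internalApiDemo() {
  const on = { restrictInternalApis: true };
  const off = { restrictInternalApis: false };
  const base = 'http://localhost:5601';
  return {
    internalNoMarker: handleRequest(on, 'POST', `${base}/api/files/find`),
    internalWithMarker: handleRequest(on, 'POST', `${base}/api/files/find?elasticInternalOrigin=true`),
    publicRoute: handleRequest(on, 'GET', `${base}/api/status`),
    restrictionOff: handleRequest(off, 'POST', `${base}/api/files/find`),
  };
}

console.log(internalApiDemo());
```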
## Summary
Generates an empty array when the PLI don't meet the requirement. It ends up
having empty fleet artifacts for those that cannot be generated.
It also adds new test cases.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Increase the stability of Osquery Cypress by stopping the installation
of Osquery on the Fleet server and creating another Agent policy and
enrolling another elastic agent instead
Closes https://github.com/elastic/kibana/issues/163614
PR resolves issue by only adding global time filter to CSV export body
when saved search embeddable does not have time range.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
> [!WARNING]
> Sorry, I had to recreate the PR
https://github.com/elastic/kibana/pull/157241
> Please submit your review again.
- Closes https://github.com/elastic/kibana/issues/155019
Per docs
https://www.elastic.co/guide/en/elasticsearch/reference/current/paginate-search-results.html
<img width="851" alt="Screenshot 2023-05-10 at 10 25 20"
src="b4b9fef4-7dd8-40ed-8244-343889fc4367">
## Summary
1. This PR improves `search_after` pagination for `date_nanos` time
fields. The `sort` value will be returned from ES as a string instead of a
rounded and incorrect timestamp. This change also allows simplifying the
logic on the Surrounding document page.
Before:
<img width="400" alt="Screenshot 2023-05-08 at 17 36 19"
src="fd9f45c4-5dc2-4103-83b9-8810e3a6e0df">
After:
<img width="400" alt="Screenshot 2023-05-08 at 17 37 13"
src="fe9090c0-2116-4f77-9a57-a96ae6b00365">
2. Also in this PR we now allow users to load more documents within the
same time range. Once the button is pressed, it will load the next portion
of documents (the same "sampleSize" value will be used). Currently, we limit
the max total loaded documents to 10000.
"Load more" demo:

If refresh interval is on, the button becomes disabled:

Date nanos demo:

100x Flaky test runner
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/2801
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Removes a beta label from the "terminal output" feature in the linux
settings for the endpoint integration. The beta tag was previously
removed from the TTY player itself, but this spot was missed.
Also, this PR changes codeowners of session_view, kubernetes_security
and cloud_defend plugins to the **kibana-cloud-security-posture** team
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fixes https://github.com/elastic/kibana/issues/162618
There was an issue with setting pagination for the EUI table before
models are fetched. Providing a page index while the items count is 0
caused pagination to reset with an uninitialized URL state callback.
This PR adds a check to verify model list has been retrieved.
Also, the Kibana `_stats` endpoint has been updated to provide a `size`
parameter.
## Summary
Note: this is only the API changes, the UI element will follow.
Part of #162862
Add the ability to specify a `proxy_id` on a download source.
If an agent policy uses a download source with a `proxy_id`, then the
proxy url will be added to the policy like so:
`agent.download.proxy_url: <proxy_url>`.
Test cases automated:
- create a download source with a valid proxy_id
- create a download source with an invalid proxy_id
- update download source proxy_id
- update download_source proxy_id to null (remove proxy)
- updating a download source proxy bumps all policies using that
download source
- removing a download source proxy bumps all policies using that
download source
- updating the proxy url bumps all policies using a download source with
the proxy id set
- deleting the proxy bumps all policies using a download source with the
proxy id set to remove the proxy
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Removing the telemetry banner during the CCS console test will help with
flakiness (allowing for more of the query result to be in the
viewport).
## Summary
As part of https://github.com/elastic/kibana/pull/161151 a [selection of
component imports were made
lazy](https://github.com/elastic/kibana/blob/main/x-pack/plugins/logs_shared/public/index.ts#L52)
and wrapped with a [`dynamic` wrapper
component](https://github.com/elastic/kibana/blob/main/x-pack/plugins/logs_shared/common/dynamic.tsx#L22).
Unfortunately some of these imports did not adhere to the rules of
React's `lazy` imports (needing a `default` export, no named imports
etc), and the `dynamic` wrapper seems to have suppressed error
information that would have been available via using `lazy` directly.
Only the anomaly and categories log entry examples (in the expanded
rows) were affected by this, as the stream and embeddable import from
locations that were backed by a `default` export (and those top level
components don't import from that particular index file lower in the
hierarchy). For imports that weren't backed by a `default` I've added
them, and where necessary moved components to new files if needed (since
it's one `default` per file).
Also open to suggestions of ways we can alter the `<dynamic />`
component and maintain the error safety 🤔
## Examples
Without these changes:

Warning using `lazy` directly without the `dynamic` wrapper:

## Testing
- Check all instances render correctly (stream, embeddable uses, and ML
page log entry examples).
## Summary
The reputation service Policy option should be `true` by default if it
is a cloud deployment. Otherwise it should be `false`. This PR corrects
the default option for new policies if it is a cloud deployment.
The migrated Policies should still always default to `false` (already
implemented in a previous PR)
New Policy with `cloud: true`

New Policy with `cloud: false`

### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Closes https://github.com/elastic/kibana/issues/161887
Merges most of the functionality from `feat/obs-asset-manager-demo`
branch. We remove implicit collection code while including:
- asset collectors from signals (also include pods and containers but we
don't use them directly)
- source configuration code (assets or signals)
- `assetAccessor` logic that determines which indices to query
The change also enables ftr test suite. We'll also merge the services
endpoint https://github.com/elastic/kibana/pull/160294 when approved.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Jason Rhodes <jason.rhodes@elastic.co>
## Summary
Related to #163089
Adding the first performance journey for the Lens Editor. It simulates
loading an existing Lens visualisation with a data view having 10k fields.
We collect the following metrics:
- `fetchFieldsExistenceInfo` reports time it takes to fetch fields in
Data Panel
- `lensVisualizationRenderTime` reports both time it takes to fetch the
data (`time_to_data`) and render the main visualization
(`time_to_render`)
- `lensSuggestionsRenderTime` reports time it takes to render
suggestions panel
Metrics consistency
<img width="568" alt="image"
src="3384bb8e-6152-4bae-93dc-4f7f4167ed07">
Run locally with
```
node scripts/functional_tests --config x-pack/performance/journeys/many_fields_lens_editor.ts
```
Metrics will be available here
dd0473ac-826f-5621-9a10-25319700326e?_g=h@61c5ac8
---------
Co-authored-by: Drew Tate <drewctate@gmail.com>
## Summary
Original ticket: #163844
These changes fix the issue with the incorrect `expandDottedObject`
functionality which instead of merging objects would replace with the
latest version of it.