## Summary
Closes https://github.com/elastic/kibana/issues/163441
Fixes:
- Node JS tab padding issue (Serverless)
- Make fields for OTel Copyable (Both Serverless and Stateful)
- Add port to all the Managed Service URL links for all Agents
(Serverless)
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Adds support for cloud id and api key:
```
node ./x-pack/plugins/apm/scripts/create_diagnostics_bundle.js \
--cloudId mydeployment:ZXVyb3BlLXdlc3QyLmdjcC5lbGFzdGljLWNsb3VkLmNvbTo0NDMkYWJjZGVmZyRoaWprbG1u \
--apiKey foobarbaz
```
It is still possible to use username, password and host urls
```
node ./x-pack/plugins/apm/scripts/create_diagnostics_bundle.js \
--kbHost https://mydeployment.kb.europe-west2.gcp.elastic-cloud.com:9243 \
--esHost https://mydeployment.es.europe-west2.gcp.elastic-cloud.com:9243 \
--username elastic \
--password very_secret
```
## Summary
as a part of an effort to remove the vulnerability documents filter in
https://github.com/elastic/security-team/issues/7146 this PR removes the
filter for missing `resource.name` field. While doing so we need to
handle the missing resource.name in the CNVM UX in multiple places:
✨ Vulnerabilities data grid without grouping.
We used to have `Resource` column which under the hood was
`resource.name` column. Added `Resource ID` and renamed `Resource` into
`Resource Name` to be explicit
✨ Vulnerability Fly Out
Added `Resource ID` and renamed `Resource` into `Resource Name` to be
explicit
✨ Resource vulnerabilities data grid
removed `Resource` column from the grid as it brings the duplicated data
which is already present in the header. As an alternative we can add
`Resource ID` and `Resource Name` to be consistent with other data grids
but the data in these columns will be the same for every document
✋ Vulnerabilities grouped by resource
no changes as we already had `Resource ID` and `Resource Name` there
✋ CNVM dashboard
no changes as we already had `Resource ID` and `Resource Name` there
fixes:
- https://github.com/elastic/security-team/issues/7343
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
closes [#163797](https://github.com/elastic/kibana/issues/163797)
## Summary
This PR extracts the dashboard configuration from the components that
render them to common. This aims to make discoverability and
maintainability easier.
It doesn't change any functional behaviour
### How to test
- Start a local kibana instance
- Navigate to `Infrastructure` > `hosts`
- Verify if the charts still work as expected
## Summary
Refactor useUpdateBrowserTitle to use pathname instead of SpyRoute
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Resolves https://github.com/elastic/response-ops-team/issues/124
## Summary
Adds alerting serverless tests! I copied over from this test file
`x-pack/test/alerting_api_integration/security_and_spaces/group2/tests/alerting/alerts.ts`
Ran in the QA environment to verify tests are passing
ControlGroupEmbeddable.addOptionsListControl results in
Container.onPanelAdded adding embeddable. If Container.getFactory does
not return an embeddable, the added embeddable is an `ErrorEmbeddable`.
```
private async onPanelAdded(panel: PanelState) {
  // Mark the child as not yet loaded while it is being created.
  this.updateOutput({
    embeddableLoaded: {
      ...this.output.embeddableLoaded,
      [panel.explicitInput.id]: false,
    },
  } as Partial<TContainerOutput>);
  let embeddable: IEmbeddable | ErrorEmbeddable | undefined;
  const inputForChild = this.getInputForChild(panel.explicitInput.id);
  try {
    const factory = this.getFactory(panel.type);
    if (!factory) {
      throw new EmbeddableFactoryNotFoundError(panel.type);
    }
    // TODO: lets get rid of this distinction with factories, I don't think it will be needed after this change.
    embeddable = isSavedObjectEmbeddableInput(inputForChild)
      ? await factory.createFromSavedObject(inputForChild.savedObjectId, inputForChild, this)
      : await factory.create(inputForChild, this);
  } catch (e) {
    // Any failure, including a missing factory, is swallowed into an ErrorEmbeddable.
    embeddable = new ErrorEmbeddable(e, { id: panel.explicitInput.id }, this);
  }
  // ... rest of the method omitted in this excerpt
}
```
This PR updates all control embeddable tests to ensure the returned
embeddable is of the expected type and that tests are not running against an
`ErrorEmbeddable`.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR cleans up an error that we threw every time we called the
Endpoint metadata service and did not find the relevant Endpoint ID.
This happens when we look at Alerts and look up the Endpoint ID to see
if it is a deployed Endpoint. It is a valid result that we do not
find the Endpoint and therefore disable actions such as Response Actions
and Endpoint Exceptions.
Before we were throwing errors in Kibana logs which was confusing users.
With this change, we move the log to `debug` and respond with a "Not
Found".
More information in this ticket:
https://github.com/elastic/security-team/issues/6931
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Resolves https://github.com/elastic/apm-dev/issues/929
Adds KQL filtering to the following APM rules:
- Latency threshold rule
- Failed transaction rate rule
- Error count threshold rule
### Note
Opening a new PR as https://github.com/elastic/kibana/pull/163307 pinged
many teams after merging to main. Removing teams from reviewers list
doesn't unsubscribe them from notifications.
## Summary
This PR updates properties of host and user over to be displayed in
expandable flyout -> right section -> Insights.
User section
- Replaced IP with user domain
- Added fall back (last seen date) if risk score is not available
(without proper license)
- Removed tech preview icon
Host section
- Replaced IP with host os family
- Added fall back (last seen date) if risk score is not available
(without proper license)
- Removed tech preview icon

**How to Test**
- add `xpack.securitySolution.enableExperimental:
['securityFlyoutEnabled']` to the `kibana.dev.json` file
- go to the Alerts page, and click on the expand detail button on any
row of the table
- click on `Overview`, `Insights`, `Entities`
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
The various unused credential methods supported by both the KSPM->EKS
and CSPM->AWS methods are not cleared out when a package is saved. As
there are currently two components on the frontend which allow the user
to specify their aws credential method, I've added hooks for both the
'packagePolicyCreate' and 'packagePolicyUpdate' methods in fleet to the
CSP serverside plugin. Both these hooks will pass the policy to a
cleanCredentials function which checks the 'aws.credentials.type' var to
determine which fields should be cleared out.
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
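The cleanup described in the commit message above, sketched as an added example; this is not the PR's code. Only `aws.credentials.type` and the name `cleanCredentials` come from the page; the credential type values, the field names and the shape of the vars object are assumptions for illustration.

```typescript
// Added illustration, not code from the PR. The credential type values and
// field names are assumptions; only 'aws.credentials.type' is named on the page.
type PolicyVar = { type?: string; value?: unknown };
type PolicyVars = Record<string, PolicyVar>;

// Fields each credential method legitimately needs (assumed mapping).
const FIELDS_BY_TYPE: Record<string, string[]> = {
  assume_role: ['role_arn'],
  direct_access_keys: ['access_key_id', 'secret_access_key'],
  temporary_keys: ['access_key_id', 'secret_access_key', 'session_token'],
  shared_credentials: ['shared_credential_file', 'credential_profile_name'],
};

const ALL_CREDENTIAL_FIELDS: string[] = [
  'role_arn', 'access_key_id', 'secret_access_key',
  'session_token', 'shared_credential_file', 'credential_profile_name',
];

// Returns a copy of the vars in which every credential field that the selected
// method does not use has its value cleared. An unknown or missing type keeps
// no credential field, so stale secrets are never persisted by default.
function cleanCredentials(vars: PolicyVars): PolicyVars {
  const selected = vars['aws.credentials.type']?.value;
  // Own-property check so a type such as "constructor" cannot match a prototype key.
  const known = typeof selected === 'string' &&
    Object.prototype.hasOwnProperty.call(FIELDS_BY_TYPE, selected);
  const keep: string[] = known ? FIELDS_BY_TYPE[selected as string] ?? [] : [];
  const cleaned: PolicyVars = {};
  for (const key of Object.keys(vars)) {
    const current = vars[key];
    if (current === undefined) continue;
    const stale = ALL_CREDENTIAL_FIELDS.indexOf(key) !== -1 && keep.indexOf(key) === -1;
    cleaned[key] = stale ? { ...current, value: undefined } : current;
  }
  return cleaned;
}

// Constructed sample: the user first entered direct access keys, then switched
// the method to assume_role. Without cleanup the old secret is saved too.
const SAMPLE_VARS: PolicyVars = {
  'aws.credentials.type': { type: 'text', value: 'assume_role' },
  role_arn: { type: 'text', value: 'arn:aws:iam::123456789012:role/example' },
  access_key_id: { type: 'text', value: 'EXAMPLE_KEY_ID' },
  secret_access_key: { type: 'text', value: 'EXAMPLE_SECRET' },
};

// Both the create and the update path would run the same function before saving.
console.log(JSON.stringify(cleanCredentials(SAMPLE_VARS), null, 2));
```

Running the same function from both save paths means a secret left over from a previously selected method cannot survive an edit made through either frontend component.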
## Summary
This PR adds FTR tests for "not-installed" states of Findings page
Contributes to:
- https://github.com/elastic/kibana/issues/155657
## How to test
run in separate terminals
```
yarn test:ftr:server --config x-pack/test/cloud_security_posture_functional/config.ts
```
and
```
yarn test:ftr:runner --include-tag=cloud_security_posture_findings_onboarding --config x-pack/test/cloud_security_posture_functional/config.ts
```
## Summary
Change config merging behaviour, so that arrays are not
merged/concatenated but replaced.
Closes: #162842
Related to: https://github.com/elastic/kibana/pull/161884
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Risk score from new Risk Engine showing in UI
What happened in this pr:
1. We create the latest transform and index on the `init` call when we
install resources for Risk Engine. The original plan was to just get
some API layer around our datastream with historical data. But it's not
possible in one call to achieve pagination/sorting/filtering of risk
scores, so we decided to create transforms.
Latest transform: `risk_score_latest_transform_${spaceId}`
Latest Index: `risk-score.risk-score-latest-${spaceId}`
2. To get the risk score to UI we use the existing search strategy from
the old risk score module, and just pass the new index to the search
3. The UI is the same except for the single host/user risk score page, where
we change the explanation parts and instead of the old UI, we will show
alerts table with grouping etc.
4. Temporarily pass experimentalFeatures to rule wrapper and bulk create
as we need to know, which index to use for alert enrichment on ingest
time. It will be removed after we decide to release a new Risk Engine
5. Limiting to have only 2 risk scores per kibana
Because of limited timeframe before FF, majority of UI tests will be
added after FF
## How to test
`xpack.securitySolution.enableExperimental: ['riskScoringRoutesEnabled']`
- Go to Settings -> Entity Risk Score
- Enable risk score module
- Generate some alerts with host.name or user.name
- Call from Kibana console calculation API
```
POST kbn:/api/risk_scores/calculation
{
  "data_view_id": ".alerts-security.alerts-default",
  "identifier_type": "user",
  "range": { "start": "now-30d", "end": "now" }
}

POST kbn:/api/risk_scores/calculation
{
  "data_view_id": ".alerts-security.alerts-default",
  "identifier_type": "host",
  "range": { "start": "now-30d", "end": "now" }
}
```
- Go to Security / Explore / Hosts / Hosts Risk and see risk scores
  - If the host page is not available because of its required integrations, an easy
    fix is to create a filebeat index
```
PUT filebeat-8.10
{
  "mappings": {
    "properties": {
      "@timestamp": {
        "type": "date"
      },
      "host": {
        "type": "object",
        "properties": {
          "name": {
            "type": "keyword"
          }
        }
      }
    }
  }
}
```
- Click on any and go to the single host/user risk page and go to
Host/User risk tab
- Observe the alerts table for top risk score contributors
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Ryland Herrick <ryalnd@gmail.com>
## Summary
fixes https://github.com/elastic/kibana/issues/156741
Scenario | Old Test | Functional test where it is covered
-- | -- | --
'checks draft comment persist behaviour with another markdown user action update' | 'it should persist the draft of new comment while existing old comment is updated' | 'should persist the draft of new comment while old comment is updated'
### Flaky test runner:
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/2869
### Checklist
features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This enables the content plugin within Search when Enterprise Search is
not up. Crawler indices are made inaccessible as disentangling their
logic is too complicated to make sense.
## Summary
This PR adds a dev feature flag
`xpack.index_management.dev.enableIndexDetailsPage` that will allow us
to build out the new index details page in small iterations. Without the
flag, the UI of Index Management is not changed. A skeleton component is
created for the details page (see screenshot below).
### How to test
1. Test the Index Management UI (Indices tab) without the flag and check
that no changes were introduced
1. Add `xpack.index_management.dev.enableIndexDetailsPage: true` to the
file `/config/kibana.dev.yml`
2. Navigate to the Indices tab in Index Management, toggle "hidden
indices" if no indices exist and click any index name
3. Check that the new index details page is displayed
4. Check that the tabs on the page are working
### Screenshots
<img width="1209" alt="Screenshot 2023-08-09 at 19 17 46"
src="e654ef36-ccf3-40a4-8c7b-750b83defef5">
### Checklist
Delete any items that are not applicable to this PR.
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
### Risk Matrix
Delete this section if it is not applicable to this PR.
Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.
When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:
| Risk | Probability | Severity | Mitigation/Notes |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. |
| Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. |
| Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. |
| [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>