Fixes https://github.com/elastic/kibana/issues/219152
## Summary
We added the ability to short circuit rule execution (skip scheduling
actions and writing event log docs) when an execution is cancelled due
to timeout but at the time we added this ability, we were not persisting
alert documents. When we added framework alerts-as-data, we did not add
a check to ensure rule execution had not timed out before writing the
alerts. This PR adds the missing check. This should also respect the
`cancelAlertsOnRuleTimeout` flag that can be set in the config or the
rule type that can force persisting alerts regardless of timeout.
## To verify
1. Set a short `ruleTaskTimeout` on a rule type and add a delay to the
rule executor that will force the rule to time out.
2. Create a rule of that type that generates alerts. Verify that when
the rule execution times out, no alerts are written.
## Summary
This PR adds support to Cloud Connector for CSPM.
- Adds Cloud Connector Option for Credentials type
- Cloud Formation UI opens an external Link to run Cloud Formation
template which will generate the Role_ARN and External ID.
- User will copy and paste those fields to input fields
- Updates Agentless Policy to include cloud connector enabled support
and the target `cloud server provider`
- Locally, `xpack.cloudSecurityPosture.enableExperimental: ['cloudConnectorsEnabled']`
will be set in `kibana.dev.yml`
- In prod, `xpack.cloudSecurityPosture.enableExperimental: ['cloudConnectorsEnabled']`
will be set in `kibana.yml`
- Cloud Connector support is only available on AWS setup and AWS Deployed
environment
### How to run Locally:
E2E workflow is not supported yet for Cloud Connectors but we can see
the updated UX with AgentPolicy being configured with cloud connector
properties `{enabled: true, target_csp: 'aws'}` and Package Policy being
configured with `role_arn` and `external id`
1. Search for `showCloudConnectors={showCloudConnectors}`
2. Change property to true `showCloudConnectors={true}`
3. Select Cloud Connectors options and you should see the feature
screenshot above
This PR adds the [start-local](https://github.com/elastic/start-local)
telemetry keyword. This keyword has [already been merged in
start-local](https://github.com/elastic/start-local/pull/52) to inform
Kibana that the telemetry is coming from a start-local installation.
When this is merged, I can then release a new version of start-local
(i.e. 0.9.0).
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Alejandro Fernández Haro <alejandro.haro@elastic.co>
Initially there was no success message for any type in the library and
there was no scrolling to the added panel.
This change sets `displaySuccessMessage` to true for each plugin
registered in the Add from Library flyout.
It ensures that:
- users see a success toast after adding a panel,
- the newly added panel is automatically scrolled into view.
Closes: #188775
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
`isRootStreamDefinition` didn't check properly for a root stream. A root
stream is a wired stream that doesn't contain dots.
After this change:
* classic stream processing should be editable
* wired stream processing should be editable as long as not root stream
* root stream processing should be editable
## Summary
Simplifies secret management for running the Security Gen AI
Evaluations. See updated README.md for full details, but includes:
* Consolidation of multiple vault keys to a single
`KIBANA_SECURITY_GEN_AI_CONFIG` key, which contains all connectors,
langsmith creds and now a way to specify `evaluatorConnectorId`.
* Added `vault` params to both `retrieve_secrets.js` and
`upload_secrets.js` for specifying the vault. Defaults to `sieam-team`
secrets.elastic.co for ease of use by developers.
* Introduces `get_commands.js` script for fetching commands to hand off
to either Kibana Ops for updating, or specifying config overrides when
manually running BuildKite pipelines.
* Deleted `export_env_secrets.js` as it couldn't be used for setting env
vars locally for the dev testing experience.
* Updated `connectors` as per team discussion to include: GPT-4.1,
Claude 3.5/3.7, and Gemini 2.5 Pro. This was a config change made by
Kibana Ops, so no code change present. But you can confirm by running
`retrieve_secrets.js`.
And finally, a much more detailed `README.md` for testing locally, on
PRs and CI, and the process for updating secrets. See full
[README.md](https://github.com/spong/kibana/blob/ci-eval-tweaks/x-pack/test/security_solution_api_integration/test_suites/genai/evaluations/README.md)
Example LangSmith Runs:
* `ES|QL Generation Regression Suite`: [Run
298372](261dcc59-fbe7-4397-a662-ff94042f666c)
* `Alerts RAG Regression (Episodes 1-8)`: [Run
298372](bd5bba1d-97aa-4512-bce7-b09aa943c651)
* `Assistant Eval: Custom Knowledge`: [Run
298372](2d5f7c18-4bf4-4cdb-97a1-16e39a865cab)
* `Eval AD: All Scenarios`: [Run
300138](4690ee16-9df5-416c-8bf0-b62bc2f2aba9/compare?selectedSessions=6d44134b-6492-4f2d-9b28-6d4a82a0e9ae&baseline=undefined)
Note: there is currently a timing bug with Alerts/KB entries being
cleaned up before the server is complete, so you may see poor evals for
`Alerts RAG Regression (Episodes 1-8)` and `Assistant Eval: Custom
Knowledge` until that is fixed. I'll address this in a follow-up PR
since it is unrelated to this change-set.
## Summary
Fixes https://github.com/elastic/kibana/issues/218000
Fixes issues that caused the `exceptions_list` and `actions` fields to
get overwritten when the legacy prebuilt rule upgrade methods
(`api/detection_engine/rules/prepackaged`) were used.
### Testing
1. Install an outdated rules package
1. Install all rules from the package
1. Add actions and exceptions to the installed rules (actions can be
added using bulk edit)
1. Install the latest available prebuilt rules package
1. Call the legacy API to upgrade installed rules to the latest
versions: `/api/detection_engine/rules/prepackaged`
1. Observe all exceptions lists and actions are maintained through
upgrade process
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Pin the prebuilt rules package version to the one containing promotion
rules needed for AI4SOC to work.
Note: this is only for test purposes, the package will be removed once
AI4SOC is ready to be released and the promotion rules are added to the
production rules package.
Closes: #219355
Closes: #219345
## Summary
This PR improves accessibility for users relying on assistive
technologies for: `Analytics → Stack Management → Snapshot and Restore`
by addressing the following:
1. Screen Reader Announcements for Error Warnings
2. Duplication of announcement
## Summary
We would like to add the `author:obs-ux-management` label to the PRs if
the author of a PR is one of our team members.
I tested this logic in another
[repo](https://github.com/maryam-saeidi/testing/pull/3).
Closes: https://github.com/elastic/kibana/issues/220339
**Background**
The `semantic_text` migration will migrate content from `text` field to
`semantic_text` field. It does so with a recursive function that
continuously retrieves knowledge base entries if they do not contain
`semantic_text` and updates them accordingly.
**Problem**
It is possible to save empty knowledge base entries
(https://github.com/elastic/kibana/issues/220342) where `text` and
`semantic_text` will be empty. Doing this will cause the migration
script to run indefinitely leading to OOM on the affected clusters.
## Workarounds for clusters that cannot / won't upgrade
Temporary workaround is to delete empty knowledge base entries:
```jsonc
POST .kibana-observability-ai-assistant-kb/_delete_by_query
{
  "query": {
    "bool": {
      "must": [{ "exists": { "field": "text" } }],
      "must_not": [{ "wildcard": { "text": "*" } }]
    }
  }
}
```
If you want to perform a dry run (find offending documents without
deleting them) run this:
```jsonc
GET .kibana-observability-ai-assistant-kb/_search
{
  "query": {
    "bool": {
      "must": [{ "exists": { "field": "text" } }],
      "must_not": [{ "wildcard": { "text": "*" } }]
    }
  }
}
```
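The failure mode described under **Problem**, as an added in-memory illustration that is not part of the commit and is not Kibana's migration code. All names (`KbEntry`, `pending`, `migrateNaive`, `findEmpty`, `migrateGuarded`) are hypothetical, the sample entries are constructed, and the guard shown is one possible approach, not necessarily the fix this change made.

```typescript
// Hypothetical model of a knowledge base entry (assumption, not the real mapping).
interface KbEntry { id: string; text?: string; semantic_text?: string }

// Constructed sample data: one normal entry, one empty entry, one already migrated.
function sampleStore(): KbEntry[] {
  return [
    { id: 'a', text: 'hello' },
    { id: 'b', text: '' },
    { id: 'c', text: 'x', semantic_text: 'x' },
  ];
}

// Entries the migration still selects: anything without a semantic_text value.
function pending(store: KbEntry[]): KbEntry[] {
  return store.filter((e) => !e.semantic_text);
}

// Naive loop: copy text into semantic_text and re-query until nothing is pending.
// maxPasses exists only so this demo terminates; without it the loop never ends
// once an empty entry is present, because '' still counts as "not migrated".
function migrateNaive(store: KbEntry[], maxPasses: number): { passes: number; done: boolean } {
  let passes = 0;
  while (pending(store).length > 0 && passes < maxPasses) {
    for (const e of pending(store)) e.semantic_text = e.text;
    passes++;
  }
  return { passes, done: pending(store).length === 0 };
}

// In-memory analogue of the dry-run query above: text exists but is empty.
function findEmpty(store: KbEntry[]): KbEntry[] {
  return store.filter((e) => e.text !== undefined && e.text.length === 0);
}

// Guarded loop (assumed approach): select only entries that can make progress
// and report the ones skipped instead of retrying them forever.
function migrateGuarded(store: KbEntry[]): { migrated: number; skipped: string[] } {
  const skipped = findEmpty(store).map((e) => e.id);
  let migrated = 0;
  let batch = pending(store).filter((e) => !!e.text);
  while (batch.length > 0) {
    for (const e of batch) { e.semantic_text = e.text; migrated++; }
    batch = pending(store).filter((e) => !!e.text);
  }
  return { migrated, skipped };
}
```

With the constructed data, the naive loop exhausts every pass it is given and never finishes, while the guarded loop migrates the one valid entry and reports `b` as skipped.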
Closes https://github.com/elastic/obs-ai-assistant-team/issues/247
Closes https://github.com/elastic/kibana/issues/217912
## Summary
### Problems
- The `/warmup_model` endpoint doesn't return immediately and waits for
the KB to be ready. If there are no ML nodes or insufficient capacity in
the ML node, the API can time out.
- Since the endpoint doesn't return immediately, we don't poll for
status continuously.
- Knowledge base tab doesn't show `Inspect` if no ML nodes are
available.
### Solutions
- Show `Inspect` information in the knowledge base
- Return `/warmup_model` immediately (we don't need to wait for the
model to be ready since we are polling), and start polling
- If the user refreshes the browser and if the `kbState` is in
`DEPLOYING_MODEL` keep polling for status
### Checklist
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)