## Summary
We were using the feature Id to determine the alert indices, but we
realized that we should use the rule type id instead. This means that we
check which rule types the user has access to and then get the
indices related to those rule types.
We also took advantage of the new suggestion abstraction of the search
bar components to remove the toaster of hell ->
https://github.com/elastic/kibana/issues/163003
### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
**Epic:** https://github.com/elastic/security-team/issues/2905
(internal)
## Summary
Enables the Detections Coverage Overview dashboard feature flag by
default. We're aiming to release this feature in 8.10.
Before the last BC, we will:
- remove the flag if we're confident that we should release the feature
in 8.10
- otherwise, revert the flag back to `false` by default
Closes https://github.com/elastic/kibana/issues/159641
Implements the `/assets/services` endpoint that returns service assets found
in the configured source (signals or assets indices). Consumers can
provide a `parent` query to filter the returned services. While the
_assets_ mode supports any kind of parent/depth thanks to its common
interface, the _signals_ mode only supports a host parent for the moment.
1. Pull this branch and point it at an oblt-cli created cluster that
uses cross-cluster search to read from the edge cluster.
2. Add the following[1] to your kibana.yml file.
3. Hit
`/api/asset-manager/assets/services?from=<from>&to=<to>&(parent=<host>)?`.
Services should be returned. Add or remove the `parent` query string
parameter to filter to services running on a specific host.
[1]
```
xpack.assetManager:
  alphaEnabled: true
  sourceIndices:
    metrics: remote_cluster:metricbeat*,remote_cluster:metrics-*
    logs: remote_cluster:filebeat*,remote_cluster:logs-*
    traces: remote_cluster:traces-*
    serviceMetrics: remote_cluster:metrics-apm*
    serviceLogs: remote_cluster:logs-apm*
  lockedSource: signals
```
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fixes: https://github.com/elastic/kibana/issues/163977
Fixes: https://github.com/elastic/kibana/issues/163568
These changes fix the issue with the actions popover and the way we check
whether it is closed on the rule's details page.
The issue happens because, after we close the popover, we
should be testing `should('not.exist')` instead of
`should('not.be.visible')`.
## Summary
Specifying a `refresh_interval` below 5s is no longer allowed with es
serverless. This PR removes the explicit `refresh_interval` from the
session index.
Work done in https://github.com/elastic/kibana/pull/151800 makes
specifying a `refresh_interval` unnecessary.
## Flaky Test Runner
[Session Tests x50
ea](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/2932)
🟢
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
If an unhandled error occurs, it will break the diagnostics bundle. This
change will log errors and then swallow them.
This should go out in 8.10 since it is already affecting users.
## Summary
This PR cleans up how config settings are used as conditionals in the
Reporting plugin startup phase.
The existing code is correct, but it's heavily aligned to certain
business requirements that might not be understood by a reader.
The change in the PR uses simpler conditionals that are separated from
internal business decisions. The result should be clearer readability of
the code.
## Summary
This fixes a bug where Windows and Mac Blocklist file path entries
should be passed as case insensitive. This is because Mac and Windows
are caseless for most use cases.
Bug ticket: https://github.com/elastic/kibana/issues/158581
Here is how it will be displayed in the UI:
<img width="1728" alt="image"
src="a3006397-f49e-4de0-818d-94e2de20dba3">
Here is the breakdown of the artifacts after the fix:
Linux:
```
-------------------------------------------------------------------
Policy: Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-linux-v1
Relative URL: /api/fleet/artifacts/endpoint-blocklist-linux-v1/f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640
Encoded SHA256: a907835be40af89b8b7aa23a6efc66c01ceaa5a19622edd378139319f3ca5fa0
Decoded SHA256: f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640
-------------------------------------------------------------------
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "exact_cased_any",
          "value": [
            "/opt/bin/bin.exe"
          ]
        }
      ]
    }
  ]
}
```
Mac:
```
-------------------------------------------------------------------
Policy: Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-macos-v1
Relative URL: /api/fleet/artifacts/endpoint-blocklist-macos-v1/b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f
Encoded SHA256: 4f3e80d688f5cae4bf6a88b0704e37909f9fa4f47fe8325b7b154cddd46a2db9
Decoded SHA256: b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f
-------------------------------------------------------------------
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "exact_caseless_any",
          "value": [
            "/opt/exe.exe"
          ]
        }
      ]
    }
  ]
}
```
Windows:
```
-------------------------------------------------------------------
Policy: Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-windows-v1
Relative URL: /api/fleet/artifacts/endpoint-blocklist-windows-v1/2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac
Encoded SHA256: c6e045fce97651336eeb400f0123541475b940e3aa38ce721f299585683da288
Decoded SHA256: 2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac
-------------------------------------------------------------------
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "exact_caseless_any",
          "value": [
            "C:\\path\\path.exe"
          ]
        }
      ]
    }
  ]
}
```
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
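The artifacts above differ only in the entry `type`. As an added example (not code from the Kibana PR or the Endpoint project), the block below models how that `type` follows from the target OS and what it changes when an observed path is compared against the blocklist. All function and type names are hypothetical; only the entry shape, the two `type` values and the sample paths come from the artifacts shown above.

```typescript
// Added example, not code from the Kibana PR: models how a blocklist artifact
// entry's "type" is chosen per OS and what that choice means when a path is
// compared. All names here are hypothetical; only the entry shape, the two
// "type" values and the sample paths come from the artifacts shown above.
type BlocklistOs = 'linux' | 'macos' | 'windows';
type EntryType = 'exact_cased_any' | 'exact_caseless_any';

interface BlocklistEntry {
  field: 'file.path';
  operator: 'included';
  type: EntryType;
  value: string[];
}

// Linux filesystems are case sensitive; macOS and Windows are caseless for
// most use cases, so their entries must compare case-insensitively.
export function entryTypeFor(os: BlocklistOs): EntryType {
  return os === 'linux' ? 'exact_cased_any' : 'exact_caseless_any';
}

export function buildEntry(os: BlocklistOs, paths: string[]): BlocklistEntry {
  return { field: 'file.path', operator: 'included', type: entryTypeFor(os), value: paths };
}

// Compares an observed file path against the entry using the entry's own rule.
export function entryMatches(entry: BlocklistEntry, observedPath: string): boolean {
  const normalize = (p: string): string =>
    entry.type === 'exact_caseless_any' ? p.toLowerCase() : p;
  const target = normalize(observedPath);
  return entry.value.some((v) => normalize(v) === target);
}

// Shows the gap the fix closes: a Windows path written with different letter
// case names the same file on disk, so it must still hit the blocklist.
export function blocklistDemo(): { fixed: boolean; beforeFix: boolean; linuxStrict: boolean } {
  const windowsEntry = buildEntry('windows', ['C:\\path\\path.exe']);
  const observed = 'C:\\PATH\\Path.EXE'; // constructed sample path
  const preFixEntry: BlocklistEntry = { ...windowsEntry, type: 'exact_cased_any' };
  const linuxEntry = buildEntry('linux', ['/opt/bin/bin.exe']);
  return {
    fixed: entryMatches(windowsEntry, observed), // true
    beforeFix: entryMatches(preFixEntry, observed), // false: a cased compare missed it
    linuxStrict: entryMatches(linuxEntry, '/opt/bin/BIN.exe'), // false: a different file on Linux
  };
}
```

The `beforeFix` branch is the behaviour the bug ticket describes: with a case-sensitive entry on a caseless filesystem, the blocklist silently fails to apply to the very file it names.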
We currently separate e2e tests into `power_user` tests and
`read_only_user` tests. We often want to test different permissions
within the same tests, so the distinction becomes a barrier rather than
a help. This PR removes the folders and combines all tests regardless of
which user they run as.
## Summary
Closes https://github.com/elastic/kibana/issues/164146
Changes the remaining TSVB panel to a by value Lens metric.
<img width="1652" alt="Screenshot 2023-08-17 at 6 10 06 PM"
src="538b4bfb-5066-4a93-a16c-4d748b29ea7c">
### How to test
Remove the ecommerce dataset and reinstall it
## Summary
Closes https://github.com/elastic/kibana/issues/163678
* Raise the notion of "internal" into `CoreKibanaRequest`. This enables
us to share this with lifecycle handlers and control validation of query
params
* Added new `isInternalRequest` alongside `isSystemRequest` and
`isFakeRequest`
* Slight simplification to existing internal restriction check
* Some other chores and minor fixes
## Test
* Start ES with `yarn es serverless` and Kibana with `yarn start
--serverless --server.restrictInternalApis=true`
* Add the service account token to `kibana.dev.yml`:
`elasticsearch.serviceAccountToken: <SAT>`
* Send a request to an internal endpoint like: `curl -XPOST
-uelastic:changeme http://localhost:5601/<base-path>/api/files/find -H
'kbn-xsrf: foo' -H 'content-type: application/json' -d '{}'`
* Should give you a 400 result
* message like `{"statusCode":400,"error":"Bad Request","message":"uri
[http://localhost:5603/api/files/find] with method [post] exists but is
not available with the current configuration"}`
* Send the same request, but include the query param:
`elasticInternalOrigin=true`
* Should give you a 200 result
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
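As an added example (not Kibana's own code), the block below is a minimal model of the check the test steps above exercise: a route marked as internal is refused with a 400 while internal APIs are restricted, unless the request marks itself as internal. Only `elasticInternalOrigin=true`, the `restrictInternalApis` setting, the 400 status and the message text come from the PR description; the route table, the request shape and the `x-elastic-internal-origin` header are assumptions for this illustration.

```typescript
// Added example, not Kibana's code: a minimal model of gating "internal"
// routes. The header name, route table and request shape are assumptions.
interface HttpRequest {
  method: string;
  url: string; // absolute URL, e.g. http://localhost:5601/api/files/find
  headers: Record<string, string>; // header names lower-cased
}

interface Route {
  method: string;
  path: string;
  access: 'public' | 'internal';
}

interface Result {
  statusCode: number;
  message?: string;
}

// A request counts as internal when it carries the (assumed) origin header or
// the explicit query param from the PR text. Everything else is external.
export function isInternalRequest(req: HttpRequest): boolean {
  const url = new URL(req.url);
  if (url.searchParams.get('elasticInternalOrigin') === 'true') return true;
  return Boolean(req.headers['x-elastic-internal-origin']);
}

export function dispatch(req: HttpRequest, routes: Route[], restrictInternalApis: boolean): Result {
  const url = new URL(req.url);
  const method = req.method.toLowerCase();
  const route = routes.find((r) => r.method === method && r.path === url.pathname);
  if (!route) return { statusCode: 404 };
  if (restrictInternalApis && route.access === 'internal' && !isInternalRequest(req)) {
    return {
      statusCode: 400,
      message: `uri [${url.origin}${url.pathname}] with method [${method}] exists but is not available with the current configuration`,
    };
  }
  return { statusCode: 200 };
}

// Constructed route table mirroring the endpoint used in the manual test steps.
export const routes: Route[] = [{ method: 'post', path: '/api/files/find', access: 'internal' }];

// The plain curl call from the test steps: refused while restriction is on.
export function externalCall(): Result {
  return dispatch(
    { method: 'POST', url: 'http://localhost:5601/api/files/find', headers: { 'kbn-xsrf': 'foo' } },
    routes,
    true
  );
}

// The same call with the query param added: accepted.
export function markedInternalCall(): Result {
  return dispatch(
    {
      method: 'POST',
      url: 'http://localhost:5601/api/files/find?elasticInternalOrigin=true',
      headers: { 'kbn-xsrf': 'foo' },
    },
    routes,
    true
  );
}
```

The point of hoisting the "internal" notion onto the request object, as the PR describes, is that the same decision can be reused by lifecycle handlers and by query-param validation without each caller re-deriving it from headers.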
## Summary
Generates an empty array when the PLI doesn't meet the requirement. This ends up
producing empty Fleet artifacts for those that cannot be generated.
It also adds new test cases.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Increase the stability of Osquery Cypress by stopping the installation
of Osquery on the Fleet server and creating another Agent policy and
enrolling another elastic agent instead
Closes https://github.com/elastic/kibana/issues/163614
This PR resolves the issue by only adding the global time filter to the CSV export body
when the saved search embeddable does not have a time range.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
> [!WARNING]
> Sorry, I had to recreate the PR https://github.com/elastic/kibana/pull/157241
> Please submit your review again.
- Closes https://github.com/elastic/kibana/issues/155019
Per docs
https://www.elastic.co/guide/en/elasticsearch/reference/current/paginate-search-results.html
<img width="851" alt="Screenshot 2023-05-10 at 10 25 20"
src="b4b9fef4-7dd8-40ed-8244-343889fc4367">
## Summary
1. This PR improves `search_after` pagination for `date_nanos` time
fields. The `sort` value will be returned from ES as a string instead of a
rounded and incorrect timestamp. This change also allows us to simplify the
logic on the Surrounding documents page.
Before:
<img width="400" alt="Screenshot 2023-05-08 at 17 36 19"
src="fd9f45c4-5dc2-4103-83b9-8810e3a6e0df">
After:
<img width="400" alt="Screenshot 2023-05-08 at 17 37 13"
src="fe9090c0-2116-4f77-9a57-a96ae6b00365">
2. Also in this PR, we now allow users to load more documents within the
same time range. Once the button is pressed, it will load the next portion
of documents (the same "sampleSize" value will be used). Currently, we limit
the maximum total of loaded documents to 10000.
"Load more" demo:

If refresh interval is on, the button becomes disabled:

Date nanos demo:

100x Flaky test runner
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/2801
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
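As an added example (not code from the Kibana PR), the block below shows the two mechanics described above: why the `sort` value of a `date_nanos` field must be carried as an opaque string when paging with `search_after`, and how a "load more" step stays within the 10000-document cap. The hit shape is simplified, all names are hypothetical, and the sample timestamps are constructed.

```typescript
// Added example, not code from the Kibana PR. Hit shape simplified; names
// hypothetical; sample timestamps constructed.
interface Hit {
  _id: string;
  sort: Array<string | number>; // as returned by Elasticsearch for each hit
}

export const MAX_TOTAL_DOCS = 10000;

// A 19-digit epoch-nanoseconds value exceeds Number.MAX_SAFE_INTEGER (2^53 - 1),
// so converting it to a number silently rounds it. That rounded value is the
// "incorrect timestamp" the PR avoids by keeping the string.
export function precisionLost(nanosSortValue: string): boolean {
  return String(Number(nanosSortValue)) !== nanosSortValue;
}

// The search_after for the next page is the last hit's sort array, verbatim.
// Never parse it into a number on the way back to Elasticsearch.
export function nextSearchAfter(hits: Hit[]): Array<string | number> | undefined {
  if (hits.length === 0) return undefined;
  return hits[hits.length - 1].sort;
}

// How many more documents a "load more" click may request: the same sampleSize
// as before, trimmed so the running total never passes MAX_TOTAL_DOCS.
export function loadMoreBudget(alreadyLoaded: number, sampleSize: number): number {
  return Math.max(0, Math.min(sampleSize, MAX_TOTAL_DOCS - alreadyLoaded));
}

// Constructed page of hits sorted descending on a date_nanos field, as a
// response body might carry them (sort values are strings, not numbers).
export const samplePage: Hit[] = [
  { _id: 'a', sort: ['1683557779123456789'] },
  { _id: 'b', sort: ['1683557779123456788'] },
];

export function pagingDemo(): {
  lost: boolean;
  searchAfter: Array<string | number> | undefined;
  budget: number;
} {
  return {
    lost: precisionLost(samplePage[1].sort[0] as string), // true: rounding would occur
    searchAfter: nextSearchAfter(samplePage), // ['1683557779123456788']
    budget: loadMoreBudget(9900, 500), // 100: only room for 100 more before the cap
  };
}
```

Two adjacent nanosecond timestamps that differ by one nanosecond round to the same double, so a numeric `search_after` could skip or repeat documents at page boundaries; passing the string through avoids that.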