## Use legacy risk score indices if the new risks engine wasn't
installed
Legacy risk scores indices:
- `ml_user_risk_score_latest_default`
- `ml_host_risk_score_latest_default`
New risk score indices:
- `risk-score.risk-score-latest-default`
Which parts use risk score indices?
- Entity Analytics dashboard
- All host/user risk tab
- Single host/user risk tab
- Alert enrichment UI
- Alert enrichment Backend
All these components can use only one risk score data source at a time,
a new or legacy one.
Previously we started to use the new risk score indices if FF -
`['riskScoringPersistence', 'riskScoringRoutesEnabled'] ` was present
and there was no possibility for the client to see old risk score data
in UI, or use it for alert enrichments
This PR, changes the way, that clients will use legacy risk score
indices until they specifically choose to upgrade the risk engine.
In this video legacy risk transforms are installed, but user risk
transforms are not installed.
16acf38a-5694-4706-9426-cdea58b70a9b
### Cypress tests
I modify those tests in a way that we test that it works still with
legacy risk scores, but also with new risk scores.
Also, add some tests for upgrade workflow.
Also, some risk scores a different in legacy and new indices for the
same entities. So we can show in the tests, that they use different
indices.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
The Mobile product is moving from technical preview to beta. This change
reflects that in the UI.
Before:
<img width="659" alt="Screenshot 2023-09-25 at 4 15 13 PM"
src="59b85ca2-7feb-4899-bf6c-54da0c66fb51">
After:
<img width="692" alt="Screenshot 2023-09-25 at 4 02 50 PM"
src="7b52451b-0f0d-415e-8679-0f19c6e83094">
<img width="770" alt="Screenshot 2023-09-25 at 4 04 54 PM"
src="0898511a-77ab-4c3f-ac3a-ca22513f8593">
## Summary
This PR adds tracking for Log Rate Analysis and Log Pattern Analysis
endpoints for AIOps.
- tracks type of analysis and source (where the analysis is being run
from)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR adds a Settings application component for rendering the Advanced
Settings page in serverless.
### How to test:
1. Start Es with `yarn es serverless` and Kibana with `yarn
serverless-{es/oblt/security}`
2. Go to Management -> Advanced Settings
3. Verify that the settings can be changed and saved.
### Advanced Settings page:
<img width="1495" alt="Screenshot 2023-09-28 at 20 56 25"
src="374b3bbd-7bf6-4de7-8129-8b293dd1698e">
### Added an Advanced Settings card to the Management landing page:
<img width="1575" alt="Screenshot 2023-09-28 at 12 24 23"
src="c08b8b36-ff40-4772-87d6-597629d78342">
<!--- ### Checklist
Delete any items that are not applicable to this PR.
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
### Risk Matrix
Delete this section if it is not applicable to this PR.
Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.
When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:
| Risk | Probability | Severity | Mitigation/Notes |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces—unexpected behavior in non-default Kibana Space.
| Low | High | Integration tests will verify that all features are still
supported in non-default Kibana Space and when user switches between
spaces. |
| Multiple nodes—Elasticsearch polling might have race conditions
when multiple Kibana nodes are polling for the same tasks. | High | Low
| Tasks are idempotent, so executing them multiple times will not result
in logical error, but will degrade performance. To test for this case we
add plenty of unit tests around this logic and document manual testing
procedure. |
| Code should gracefully handle cases when feature X or plugin Y are
disabled. | Medium | High | Unit tests will verify that any feature flag
or plugin combination still results in our service operational. |
| [See more potential risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
-->
---------
Co-authored-by: Clint Andrew Hall <clint@clintandrewhall.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Clint Andrew Hall <clint.hall@elastic.co>
## Summary
This PR introduces a new `internal/elastic_assistant/evaluate` route and
`Evaluation` Advanced Setting within the Assistant for benchmarking and
testing models, agents, and other aspects of the Assistant
configuration.
Enable via the `assistantModelEvaluation` experimental feature in your
`kibana.dev.yml` (and better add `discoverInTimeline` for good measure
as well! :)
> xpack.securitySolution.enableExperimental:
['assistantModelEvaluation', 'discoverInTimeline']
Then access from within the `Advanced Settings` modal in the Assistant.
To use, first select your Connectors/Models, then corresponding Agent
configurations, then what model you would like to use for final
evaluation, the evaluation type, and if `custom`, you can specify the
evaluation prompt that is sent off to the evaluator model. Finally,
specify the `dataset`, and `output index` that the results should be
written to, then click `Perform evaluation`.
Sample datasets can be found in
`x-pack/plugins/elastic_assistant/server/lib/model_evaluator/datasets`,
and include:
* `esql_dataset.json`
* `query_dataset.json`
* `security_labs.json`
* `security_questions_dataset.json`
<p align="center">
<img width="500"
src="99f8e764-34bc-4eb7-bbd8-7038ab72117b"
/>
</p>
<p align="center">
<img width="500"
src="f48f91dc-45da-4cd6-9dc7-cb88105668b2"
/>
</p>
### Checklist
Delete any items that are not applicable to this PR.
- [X] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
https://github.com/elastic/security-team/issues/7442
This PR:
1. Sets `protectionUpdatesEnabled` feature flag to `true`.
2. Text changes requested
[here](https://github.com/elastic/security-team/issues/7442)
3. Introduces ~~dismissable~~ callout that warns user about consequences
of turning auto updates off.
4. Adds cypress test that validates note persistance.
## Summary
This PR refactors the public plugin contract of Security Solution,
grouping exposed components into one component service to reduce the
boilerplate code needed when adding new components to the plugin
contract for serverless.
It also refactors the `isILMAvailable` flag that was exposed in the
_start_ contract by the `dataQualityPanelConfig`, which is more
self-explanatory, and it has been exposed in the _setup_ contract
without observable.
### Usage of `ContractComponentsService`
1. Define the component in ess or serverless plugins:
```
securitySolution.setComponents({
getStarted: getSecurityGetStartedComponent(services, productTypes),
dashboardsLandingCallout: getDashboardsLandingCallout(services),
// ... other components
});
```
2. Use the component in the main security plugin
```
const { services: { getComponent$ } } = useKibana();
const GetStartedComponent = useObservable(getComponent$('getStarted'));
return <>{GetStartedComponent}</>;
```
Component names are defined at
84583e4960/x-pack/plugins/security_solution/public/contract_components.ts (L11)
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Ref: https://github.com/elastic/kibana/issues/166971
Warning messages such as "max signals reached" or "rule may not have
read access to these indices" can now write metrics (if available) to
the rule execution logger.
Warning message:
<img width="1124" alt="warning_no_access_to_logs_index"
src="70b63a47-3e54-45b1-ba49-da531595e47e">
Metrics:
<img width="1669" alt="metrics_no_access_to_logs_index"
src="eac91dff-316a-4587-bab9-c816947be00e">
## Summary
Recent [EUI bump](https://github.com/elastic/kibana/pull/166868) from
v88.3.0 to v88.5.0 increased the memory usage significantly. Due to
which Cypress Tests started failing due to browser crashing with memory
limits. EUI team has been informed about this.
As reverting EUI is not a simple change, disabling the Cypress Log panel
solves the problem for now. Details can be found
[here](https://github.com/cypress-io/cypress/issues/27415#issuecomment-1668073106)
This brings change to how we run the Cypress Test in Head Mode
## Before
## After
Closes#167524
## Summary
This PR adds the possibility of overriding the alerts flyout options.
This is used to change the metric value during the alert creation when
it is changed in the menu on inventory.
## Testing
- Go to Inventory
- Change the metric in the drop-down menu
- The metric should be changed in the alerts flyout
- Go to hosts view flyout (alert rule should remain the same)
- Go to asset details page view (alert rule should remain the same)
2bb31be0-04c8-4611-a8d2-b91a465a09b8
## Summary
This PR wraps up the work the @elastic/kibana-presentation team has done
to finish the MVP of [Phase
1](https://github.com/elastic/kibana/issues/154354) of the `Link`
embeddable, which enables users to add panels to their dashboard that
contain links to other dashboards + external links - with respect to
dashboard links, we give the author control over which pieces of context
should be kept across dashboards so that things like filter pills,
queries, and time ranges are not lost. This marks a huge improvement in
dashboard navigation overall, which was previously only available via a
variety of different workarounds including (but not limited to):
- Creating (essentially) a `noop` dashboard-to-dashboard drilldown
- Using markdown panels with hard Dashboard links, which are prone to
break across updates
- Avoiding navigation all together, which resulted in large,
slow-to-load dashboards.
As an added benefit, because these panels contain **references** to each
dashboard rather than hard links, (1) unlike markdown links, they should
not break after updates and (2) if a links panel is exported and
imported into another space or instance, all of the dashboards it links
to will also be imported.
1a86b713-47e7-4db9-8a04-29d41b13681a
> **Note**
> 🔉 The above video has audio! Turn on your sound for the best
experience.
### Note about this PR
- A majority of this work was done on a feature branch, with thorough
reviews from @andreadelrio on behalf of @elastic/kibana-design along the
way. Therefore, while feedback on the design is encouraged, any large
concerns brought up in this PR should be filed as separate issues and
addressed in follow-up PRs.
- This PR contains work for giving embeddables control over their own
panel size / default positioning on the dashboard. This was especially
important for the links panel, since we assume that (a) most links
panels would be located somewhere near the top of the dashboard and (b)
the horizontal links panel should have a different default "shape"
(longer than it is tall) than the vertical panel (taller than it is
long).
- This PR also contains work for caching dashboard saved objects, which
makes navigation much more seamless.
### Flaky Test Runner
-
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/3251
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
~[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials~ This will
be addressed in a follow up:
https://github.com/elastic/kibana/issues/166750
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios - ~Units tests
are added, functional tests are forthcoming~ Edit: All tests are in.
- [x] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [x] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [x] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [x] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: Nick Peihl <nick.peihl@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Andrea Del Rio <delrio.andre@gmail.com>
Co-authored-by: Devon Thomson <devon.thomson@elastic.co>
Co-authored-by: Nick Peihl <nickpeihl@gmail.com>
Co-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co>
fixes https://github.com/elastic/kibana/issues/166850
## Summary
This PR fixes a problem where the charts were not configured to display
dotted lines when there were data points missing.
<img width="1459" alt="image"
src="86228cba-f184-46b8-80f6-f439211e200f">
<img width="1459" alt="image"
src="ced0e3c4-93f1-4967-838c-f8207adc5e4d">
### How to test
- Setup a local Kibana instance pointing to an oblt cluster
- Navigate to `Infrastructure` > `Hosts`
- Click on a host to navigate to the details page
- Verify if charts with missing data points display dottet lines
## Summary
New advanced Endpoint/Defend option. See its description for details.
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
<!--ONMERGE {"backportTargets":["8.9"]} ONMERGE-->
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
With this change, we will let rule type to use conditional action if the
rule type create alert in the alert index.
We will need to some clean up on these two fields `HasAlertsMappings`
and `hasFieldsForAAD` in future release.
(https://github.com/elastic/kibana/issues/167558)
## Summary
Add the `use_text_extraction_service` rich configurable field to some
native connectors.
Native connectors will not have access to the feature, but the field is
required in case the user converts their native connector to a
self-managed connector.
## Summary
This PR introduces grouped common configs in serverless project FTR
tests.
### Details
* With increasing number of added tests, we're running into issues with
test run time (configurations are stopped at 40 minutes)
* This PR moves the inclusion of `common` tests from the projects' main
`config.ts` file to `common_configs/config.group1.ts`, which can easily
be extended
* As part of that, `common` tests in `api_integration/test_suites` and
`functional/test_suites` are re-organized to no longer contain a top
level index file
* Created sub-directories and index files where needed
* This makes it easier to group `common` tests when including them in
project config files
### Additional changes
* Add README files to
`x-pack/test_serverless/[api_integration|functional]/test_suites/common`
* Rename `security` directory in `common` tests to `platform_security`
to avoid confusion with the `security` project type
* Include sample data test suite in an index file (this suite wasn't
included so far and didn't run at all) and prepared it for actually
working in serverless
* it's still failing and should be fixed soon - skipped it for now
## Summary
Let's automate E2E against Serverless
Changelog:
- updated certs to include additional dns names we are using for testing
locally, `host.docker.internal`, `es01`
- updated certs generation README to include changes related to
`openssl@3`
- added new certs for Fleet server
- added fleet-server service token
- added support for `ca_trusted_fingerprint` in fleet preconfig
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Tomasz Ciecierski <ciecierskitomek@gmail.com>
Co-authored-by: Tomasz Ciecierski <tomasz.ciecierski@elastic.co>
Co-authored-by: Kevin Logan <kevin.logan@elastic.co>
Closes#163282
## Summary
This PR:
* Adds a `featureFlags.metricsExplorerEnabled` property to the Infra
plugin config to enable and disable Metrics Explorer depending on the
offering type
* Prevents `MetricsExplorerViewsService` initialization for serveless
based on the feature flag
* Prevents creating Metrics Explorer frontend routes when in serverless
* Prevents registration of the MetricsExplorerViews saved object when in
serverless
* Prevents initialization of the `metrics_explorer_views` API routes
when in serverless
**Trying to access Metrics Explorer in serverless**
<img width="1829" alt="CleanShot 2023-09-22 at 12 59 35@2x"
src="2b039925-0f0b-4c07-be29-bbe910de7a34">
**Trying to access views API**
<img width="1829" alt="CleanShot 2023-09-22 at 13 00 00@2x"
src="15269ec2-becd-4ee3-9b5e-d916df28a7b8">
**`infra/metrics_explorer` API still works as per ticket requirements**
<img width="1829" alt="CleanShot 2023-09-22 at 13 00 06@2x"
src="fb23f912-c6fd-46c8-9084-c17c51e5b064">
## How to test
* Checkout locally
* Enable Infra in `serverless.oblt.yml`: `xpack.infra.enabled: true`
* Run Kibana in serverless mode
* Try accessing `/app/metrics/explorer` route and make sure it's not
available
* Make sure other Infra routes (`/app/metrics/inventory` and
`/app/metrics/hosts`) still load as expected
* In Kibana dev console make sure you get 404 for `GET
kbn:/api/infra/metrics_explorer_views`
* Also check that you don't see `metrics-explorer-view` saved object in
the response for `GET
kbn:/api/kibana/management/saved_objects/_allowed_types`
* Run Kibana in non-serverless mode and make sure Metrics Explorer is
accessible and works as usual
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Closes https://github.com/elastic/kibana/issues/167387
Replaced using kibana version when deciding if agent upgrade is
available (only in serverless, in stateful kibana version is still
returned as an available version).
To verify locally:
- [to test stateless] add this to `kibana.dev.yml`:
`xpack.fleet.internal.onlyAllowAgentUpgradeToKnownVersions: true`
- extract the `agent_versions_list.json` to local kibana folder
`~/kibana/x-pack/plugins/fleet/target`
[agent_versions_list.json.zip](12739519/agent_versions_list.json.zip)
- verify that upgrade available warnings still work if agent is < latest
agent version (8.10.2)
- when trying to upgrade agent, verify that the default version is the
latest agent version, and 8.11 is not in the list
Agent list:
<img width="1475" alt="image"
src="f06b7bc8-97e6-4ff9-b872-736ede5e969a">
Upgrade available filter - 1 agent on latest version, 9 upgradeable:
<img width="1314" alt="image"
src="4ff5ac02-903b-493b-94df-68b1b7ad6846">
Agent details:
<img width="1512" alt="image"
src="3ff6e1d5-2ccc-4814-83e5-c4760ad63722">
Agent on latest version has disable `Upgrade agent` action:
<img width="1322" alt="image"
src="f461dbf5-04e5-4bcc-8801-48c2b1a90225">
Bulk action with one agent that is not upgradeable (already on latest
version), expected error:
<img width="1597" alt="image"
src="8bfa46ae-6684-4748-9fca-e908c142b642">
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
I decided to remove the backticks suggestion as it was a copy paste from
SQL and is not going to solve ES|QL related errors. It also creates
confusion for many users.
<img width="1677" alt="image"
src="fe2a4fcb-c3e0-4d87-8568-32e7525f70d5">
Improves the display of long descriptions of transforms in the Transform
management page and when editing the description in the transform wizard
or edit flyout.
Previously If there was a long description, the text would not be
wrapped in the table on the management page, and it would not be
possible to view the full text in the text input when editing. This PR
adds line wrapping for the description column, and uses a text area for
editing the text.
Part of https://github.com/elastic/kibana/issues/163147
