## Summary
This PR introduces validation rules for Case Observables, shared between
client and the server.
### Testing
- Create a case
- Add on observable to it, picking up the ipv4 as an observable type
(for instance)
- Verify that only the valid values are allowed.
- Try updating the observable after it is created, same validation rules
apply.
- Do the same thing using API routes.
## Summary
This PR fixes a bug where unavailable (due to lack of permissions)
"main" analytics applications would show for users on Kibana overview
page.
Closes: #212171
## Summary
This PR fixes the search logic to look for playwright configs in all
possible & expected locations (`src/*` was not working), matching one of
3 regexp:
```
/(x-pack\/platform\/plugins\/(?:private|shared|[^\/]+)\/([^\/]+))\/ui_tests\//,
/(x-pack\/solutions\/[^\/]+\/plugins\/([^\/]+))\/ui_tests\//,
/(src\/platform\/plugins\/(?:private|shared)?\/?([^\/]+))\/ui_tests\//,
```
For each plugin we also have `usesParallelWorkers` prop (`true` if at
least 1 config runs with concurrent workers) to decide later, if we need
worker with 4 or 8 VCPUs.
The idea is to run `node scripts/scout discover-playwright-configs
--save` on CI and use generated json as source to build test run
pipeline.
Current output:
```
{
"discover_enhanced": {
"group": "platform",
"pluginPath": "x-pack/platform/plugins/private/discover_enhanced",
"configs": [
"x-pack/platform/plugins/private/discover_enhanced/ui_tests/parallel.playwright.config.ts",
"x-pack/platform/plugins/private/discover_enhanced/ui_tests/playwright.config.ts"
],
"usesParallelWorkers": true
},
"maps": {
"group": "platform",
"pluginPath": "x-pack/platform/plugins/shared/maps",
"configs": [
"x-pack/platform/plugins/shared/maps/ui_tests/playwright.config.ts"
],
"usesParallelWorkers": false
},
"observability_onboarding": {
"group": "observability",
"pluginPath": "x-pack/solutions/observability/plugins/observability_onboarding",
"configs": [
"x-pack/solutions/observability/plugins/observability_onboarding/ui_tests/parallel.playwright.config.ts",
"x-pack/solutions/observability/plugins/observability_onboarding/ui_tests/playwright.config.ts"
],
"usesParallelWorkers": true
}
}
```
## Summary
Partially addresses https://github.com/elastic/kibana/issues/210358
Adds all callouts and logic to incentivize users to upgrade their rules asap. These include:
- [x] Showing a callout on the Rule Management page
- [x] Showing a callout on the Rule Details page
- [x] Letting users open the Rule Upgrade flyout from the Rule Details page
- [x] Showing a callout on the Rule Editing page
- [x] Showing a callout in the Rule Upgrade flyout if rule has missing base version
This PR also adds related updates to the rule diff algorithms in order to facilitate an easier upgrade experience when rules have missing base versions. These include:
- [x] When the rule has a missing base version and is NOT marked as customized:
- [x] We should return all the target fields from the diff algorithm as NO_CONFLICT
- [x] When the rule has a missing base version and is marked as customized:
- [x] We should attempt to merge all non-functional mergeable fields (any field that doesn't have consequences with how the rule runs e.g. tags) and return them as `SOLVABLE_CONFLICT`.
- **NOTE**: When base versions are missing and the rule is customized, we attempt to merge all mergable, non-functional rule fields. These include all fields covered by the scalar diff array (`tags`, `references`, `new_terms_fields`, `threat_index`). We typically also consider multi-line string fields as mergeable but without three versions of the string, we are currently unable to merge the strings together, so we just return target version.
- [x] We should pick the target version for all functional mergeable fields (e.g. `index`) and non-mergeable fields and return them as `SOLVABLE_CONFLICT`.
### Screenshots
**Callout on Rule details page w/ flyout button**
---
**Upgrade flyout now accessible from rule details page**
---
**Callout on rule editing page**
---
**Dismissible callout on rule management page**
---
**Callout in rule upgrade flyout when rule has missing base version**
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Towards https://github.com/elastic/response-ops-team/issues/248
In this PR, I'm setting the default `xpack.task_manager.capacity` value
to `20` for security serverless projects. We've incremented this setting
gradually via gitops over the past few months and now it's set to `20`
across all environments. Before we cleanup the gitops repo, we need to
roll this out to all environments for the setting to remain in place.
Follow-up to: https://github.com/elastic/kibana/pull/212077
This PR includes an API test that covers `get_alerts_dataset_info` and
would have caught the bug fixed in
https://github.com/elastic/kibana/pull/212077.
It also contains the following bug fixes:
- Fix system message in `select_relevant_fields`
- Change prompt in `select_relevant_fields` so that the LLM consistently
uses the right format when responding.
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| docker.elastic.co/wolfi/chainguard-base | digest | `6387bd4` ->
`15a4191` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOk9wZXJhdGlvbnMiLCJiYWNrcG9ydDpza2lwIiwicmVsZWFzZV9ub3RlOnNraXAiXX0=-->
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
PR removes `dashboard_container` and adds `dashboard_renderer` folder. I
tried to find a best fit for files but have no strong opinions about
where I put things. Please comment if you would like files in different
locations.
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
# Release note
Legacy OpenSSL algorithms have been disabled by default. Further
information on which algorithms can be found at
https://docs.openssl.org/3.0/man7/OSSL_PROVIDER-legacy. These can be
re-enabled by adding `--openssl-legacy-provider` to
`$KBN_PATH_CONF/node.options`
I noticed that a couple integration tests were not actually validating
whether the documents got routed the right way (the number and string
tests).
This PR fixes this by introducing a helper that can easily do the same
check we had a couple of times in there.
## Summary
Resolves https://github.com/elastic/kibana/issues/212972
This PR replaces the info and error log levels with debug since most of
these errors are for developers or users. Not operations.
## Summary
This is intended to be a "minimal" migration for Defend Insights to
langgraph + output chunking. Other than the increased events due to the
context increase from output chunking, the functionality is unchanged.
* migrates defend insights to langgraph
* adds output chunking / refinement
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
This PR makes the AI suggestions button more stable in case of
misconfigured fields:
* Only make the button clickable if there are sample values
* Filter out sample documents that don't have the required field on the
server (would have broken the request before)
<img width="344" alt="Screenshot 2025-03-04 at 15 43 23"
src="https://github.com/user-attachments/assets/12045985-cfac-4a13-a23c-595ac6503c1a"
/>
Embeddable ViewMode is part of legacy embeddable architecture. This PR
removes Embeddable ViewMode and replaces its usage with
presentation-publishing ViewMode. presentation-publishing ViewMode is a
string literal type so an enum is no longer needed.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Fixes [#212745](https://github.com/elastic/kibana/issues/212745)
## Summary
Fix for the hosts total count query, which was not correctly filtering
hosts from system integration and APM
<img width="584" alt="image"
src="https://github.com/user-attachments/assets/05c3b244-3a0f-425a-82db-3498c1a6dbb7"
/>
### How to test
- Connect Kibana to an edge cluster
- Navigate to Infrastructure > Hosts
- The total number of items on the table should be equal to the number
in the hosts count KPI
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This PR introduces a new script for loading parameterized workflow
insights into a data stream. It enables UI/UX testing without requiring
an agent installation or generating insights manually.
Arguments
```
--endpointId Required. The endpoint ID to use for generating workflow insights.
--elasticsearch Optional. The URL to Elasticsearch. Default: http://localhost:9200
--username Optional. The username to use for authentication. Default: elastic
--password Optional. The password to use for authentication. Default: changeme
--count Optional. The number of workflow insights to generate. Default: 5
--os Optional. The OS to use for generating workflow insights. Default: linux
--antivirus Optional. The antivirus to use for generating workflow insights. Default: ClamAV
--path Optional. The executable path of the AV to use for generating workflow insights. Default: /usr/bin/clamscan
```
Example usage:
* Load 5 workflow insights, using the default values - Linux, ClamAV,
/usr/bin/clamscan on the endpoint with ID
8ee2a3a4-ca2b-4884-ae20-8b17d31837b6
`node ./load_workflow_insights.js --endpointId
8ee2a3a4-ca2b-4884-ae20-8b17d31837b6`
* Load 10 workflow insights for Malwarebytes with path of C:\\Program
Files\\Malwarebytes\\Anti-Malware\\mbam.exe on Windows endpoint with ID
8ee2a3a4-ca2b-4884-ae20-8b17d31837b6
`node ./load_workflow_insights.js --endpointId
8ee2a3a4-ca2b-4884-ae20-8b17d31837b6 --count 10 --os windows --antivirus
Malwarebytes --path 'C:\\Program
Files\\Malwarebytes\\Anti-Malware\\mbam.exe'`
## Summary
This PR fixes the Unstructured syslog flow. It picks up 5 samples send
them to LLM to create a pattern and tests all the samples against the
pattern , collects the unparsed samples [ if any ] , send them in for
next round of pattern check and so on.
This creates a list of patterns that matches all the samples and creates
a grok processor with those patterns and it breaks the syslogs down into
a JSON for ECS mapping , categorization and related graphs.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
