## Summary
This PR addresses the issue where currently only some of our API does
Auth check. All of our API should be doing this. Furthermore we are
adding new API FTR to cover this scenario as well
Notes:
Currently Benchmark related API FTR is blocked by
https://github.com/elastic/kibana/issues/188059
## Summary
- Adds the `kill-process` command to Response Console for SentinelOne
hosts
- Note that in order to access this command, the
`responseActionsSentinelOneKillProcessEnabled` feature flag must be
enabled
> [!IMPORTANT]
> When entered, the response action will be sent to SentinelOne's system
for execution, but the response action will remain in `pending` in
Kibana for now. A follow up PR will introduce the necessary logic for
completing the aciton and displaying the results
## Summary
In this PR Security Gen AI related APIs are changed from internal to
public.
Conversations APIs:
- POST/PUT/GET/DELETE
`"/api/security_ai_assistant/current_user/conversations/{id}"`
- GET `"/api/security_ai_assistant/current_user/conversations/_find"`
Prompts APIs:
- POST `"/api/security_ai_assistant/prompts/_bulk_action"`
- GET `"/api/security_ai_assistant/current_user/conversations/_find"`
Anonymization APIs:
- POST `"/api/security_ai_assistant/anonymization_fields/_bulk_action"`
- GET `"/api/security_ai_assistant/anonymization_fields/_find"`
# Summary
Fixes below bugs based on feedback from @paulewing.
## Event Details Toggle in Notes
@paulewing requested to remove the event toggle
|Before|After|
|---|---|
||
|
## Notes Flyout remains open when switching tabs
|Before|After|
|---|---|
|<video
src="4228d2d6-c2ad-40dc-9e6c-ec049f834e8f"
/>|<video
src="0e010c22-4539-4428-9b1b-3b323a9f491c"
/>|
## Notes Flyout should be resizable
As shown in above video, notes flyout is now resizable.
By only grouping on `entity.id` we should be able to remove duplicates
in the latest indices.
This PR also removes the values found for `entity.identityFields` and
replaces it with a list of those field names.
This PR also lifts the values for the identity fields to the root of the
document.
This PR removes the `displayName` from the historical documents.
### How to test
Source data:
```
PUT index_a
{
"mappings": {
"properties": {
"a": {
"type": "keyword"
},
"@timestamp": {
"type": "date"
}
}
}
}
PUT index_b
{
"mappings": {
"properties": {
"b": {
"type": "keyword"
},
"@timestamp": {
"type": "date"
}
}
}
}
POST index_a/_doc
{
"a": "same",
"@timestamp": "2024-07-05T12:33:06.162Z"
}
POST index_b/_doc
{
"b": "same",
"@timestamp": "2024-07-05T12:33:06.162Z"
}
```
Entity definition:
```
POST kbn:/internal/api/entities/definition
{
"id": "bucket_key",
"name": "Bucket key",
"type": "service",
"indexPatterns": [
"index_*"
],
"timestampField": "@timestamp",
"lookback": "5m",
"identityFields": [
{
"field": "a",
"optional": true
},
{
"field": "b",
"optional": true
}
],
"displayNameTemplate": "{{a}}{{b}}",
"history": {
"timestampField": "@timestamp",
"interval": "5m"
}
}
```
### Change in the format of the resulting documents
```
"identityFields": {
"a": null,
"b": "same"
},
```
=>
```
"identityFields": [
"a",
"b"
],
```
Two minor fixes for the k8s onboarding:
- Make the troubleshooting link point to the whole page instead of the
Kubernetes section which is for now is not very relevant
- Remove `fill` from the copy button after we start monitoring data
## Summary
Pending work from: https://github.com/elastic/kibana/pull/186615
- The previous implementation to create `PrebuiltRuleAsset` with some
RuleResponse fields ommited from it had the disadvantage of being built
with a discriminated union where all rule types had to be re-listed. If
a new type was added, then it would have required manually adding the
type to that union as well, which would have been surely forgotten.
- This replaces that schema construction to use a Zod transform which
simply eliminates the omitted fields using a Zod transform.
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
## Summary
https://github.com/elastic/kibana/pull/177263 changed the way
`telemetry-prebuilt-rule-alerts` get data from elastic, but it changed
the index used to run the queries. This PR fixes it using the proper
index.
**Addresses:** https://github.com/elastic/kibana/issues/183661
## Summary
This PR adds missing OpenAPI specs for the following Detections API endpoints available in both Serverless and ESS
- `POST /api/detection_engine/rules/preview`
and the following API endpoints available in ESS only
- `GET /api/detection_engine/privileges`
- `POST /api/detection_engine/rules/_bulk_delete`
## Summary
Fix#174752
env variables were read on module load, so before the CLI script could
change them based on user flag inputs.
This PR fixes making it lazily read the variable when required picking
up always the fresh value after the CLI set it.
After a first read of the value, it avoids to re-read env variables
again, preventing other scripts to poison it.
**Resolves: https://github.com/elastic/kibana/issues/187975**
## Summary
When upgrading or re-installing a package, all saved objects from a
previous package are loaded into memory using `bulkResolve`. This
creates unnecessary memory pressure for packages containing thousands of
saved objects, like the `security_detection_engine` package.
To mitigate that, we are now skipping saved object resolution for
packages known to be installed in `8.x`.
While testing locally on a package containing ~5000 detection rules, I
observed a significant drop in memory usage, from 1.17GB to 1.05GB at
peak.
**Before:**
**After:**
### Summary
When doing configuration of an OpenTelemetry agent, most of the
environment variables are provided with only the value, but the auth
headers one is using quotes.
When using a shell script or YAML to set environment variables, the
value has to be quoted due to spaces, but it's not always the case, for
example when setting an environment variable in Windows.
Also, removing the quotes makes it consistent with other environment
variable values.
### Screenshot before
Implements support for the Gemini connector:
- Adds the `.gemini` connector type id to the allowlisted connectors
- Create an adapter for the Gemini connector type that formats and
parses requests/responses in the format of Gemini on Vertex
What's still missing:
- Native function calling. We use simulated function calling for now.
There are some changes in the function schemas to prepare for this
(Gemini blows up when there are dots in property names).
- E2E tests. The Gemini connector always calls out to an external
endpoint, which causes the call to fail because we cannot hardcode
actual credentials.
## Summary
Resolves https://github.com/elastic/kibana/issues/178528.
Some packages declare `constant_keyword` type fields without an explicit
value. This causes ES to fill in the value in the mappings using the
first ingested value.
When upgrading this type of package & field after the value has already
been populated in this way, the mappings update fail due to pushing a
`null` value into an existing value, triggering unnecessary rollovers.
This PR fixes that by filling in the empty values from the existing
mappings.
## Test
1. On an empty cluster, turn on debug logs
2. Set up Fleet Server policy and Fleet Server agent
3. Force install old version of Elastic Agent integration, v1.19.2:
```
POST kbn:/api/fleet/epm/packages/elastic_agent/1.19.2
{
"force": true
}
```
4. Create a new empty policy, **deselect system and agent monitoring**
(otherwise the integration will be upgraded, we do not want this yet)
5. Manually add Elastic Agent integration v1.19.2 to the new policy
6. Edit the policy to enable logs and metrics monitoring
7. Enroll agent into the policy, confirm that monitoring logs and
metrics are being ingested and that a value exists for `event.dataset`
mapping for the logs:
```
GET logs-elastic_agent*/_mappings
```
```
"dataset": {
"type": "constant_keyword",
"value": "elastic_agent"
}
```
9. Upgrade Elastic Agent integration to v1.20.0 (note we are not
upgrading to the newest versions, 2.0+, because these **are** expected
to trigger rollovers for some data streams):
```
POST kbn:/api/fleet/epm/packages/elastic_agent/1.20.0
{
"force": true
}
```
10. Confirm in Kibana logs that no rollovers triggered during the
upgrade
11. Confirm that there is still only 1 backing index for monitoring
logs:
```
GET logs-elastic_agent*
```
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
Fixes https://github.com/elastic/security-team/issues/9646
The embedded discover's `update` mechanism has changed and the `grid`
and `hideChart` properties keep changing on initial sync, causing the
timeline show as `changed` when it actually didn't. These two properties
are not important to actually determine the changed state of timeline
and we can therefore ignore them.
## Summary
Fixes https://github.com/elastic/kibana/issues/187333
## Testing behaviour:
Issue 1: verify similar behaviour from API as well.
1. Create a template
2. Add new toggle custom field with default value as true
3. Go to create case, See that new toggle custom field has value: true
4. Select recently created template
5. Toggle custom field new custom field with it's default value
Issue 2: verify similar behaviour from API as well.
1. Create a text custom field with default value
2. Create a template
3. Set text custom field value to empty
4. Save template
5. Go to create case
6. Select recently created template
7. See that text custom field value is updated as per template's custom
field value
## Summary
unskip tests that were skipped because of Agent vs Fleet server version
mismatch
looks like the temporary issue is fixed, so this PR unskips the tests,
while trying to find a long-term solution in the meanwhile
closes#187932closes#170373closes#168284closes#168340closes#173464closes#172326
## Summary
This PR limits the number of characters that can be input into the
global search bar. The character limit can be specified with the config
value `xpack.global_search_bar.input_max_limit` with a default of
`1000`. When an input that exceeds the configured character limit is
provided a descriptive visual notice is displayed to the user.
## Visual
<img width="662" alt="Screenshot 2024-07-04 at 19 28 39"
src="cf30f589-fe65-40a9-b9c8-ce0f235d206e">
## How to test
- run the following command below in the browser console, which would
create a string that exceeds the configured default search character
limit and copy it to your clipboard
```ts
copy(Array.from(new Array(1001)).reduce((acc) => acc+'a', ''))
```
- open up kibana, simply paste the value that should exist in your
clipboard in the global search input field and you should be presented
with a result similar to the image above.
---------
Co-authored-by: Eyo Okon Eyo <eyo.eyo@elastic.co>
Closes: https://github.com/elastic/observability-dev/issues/3687
## Description
The synthetics monitors include thumbnail screenshots that open a larger
preview window. These thumbnails must take keyboard focus, manage the
`Enter` and `Space` keypresses to open the modal, and return focus to
the originating thumbnail when the modal is closed. Screenshots attached
below.
### Steps to recreate
1. Open the
[Synthetics](https://keep-serverless-fyzdg-f07c50.kb.eu-west-1.aws.qa.elastic.cloud/app/synthetics)
view
2. Create a monitor if none exist
3. Click on that monitor and navigate to the [full monitor
detail](8b88e937-f917-4f12-9325-8ab005cffea5?locationId=us_central_qa)
view
4. Click on a thumbnail and verify the modal opens
5. Press `ESC` or the Close "X" and then press `TAB` to verify focus is
not on the thumbnail
### What was changed?:
1. Added `tabIndex=0` was for ScreenshotImage for handle keyboard
navigation
2. `ScreenshotImage` API was sightly changed: `onMouseEnter` ->
`onFocus`; `onMouseLeave` -> `onBlur`
### Screen:
a68df4b0-71c7-47ec-add7-41536027613c
