Commit graph

10 commits

Author SHA1 Message Date
Kibana Machine
ff7b33c65a
[8.x] [SecuritySolution] Load entity store indices from security solution data view (#195862) (#196209)
# Backport

This will backport the following commits from `main` to `8.x`:
- [[SecuritySolution] Load entity store indices from security solution
data view (#195862)](https://github.com/elastic/kibana/pull/195862)

<!--- Backport version: 9.4.3 -->

### Questions?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Pablo
Machado","email":"pablo.nevesmachado@elastic.co"},"sourceCommit":{"committedDate":"2024-10-14T20:56:58Z","message":"[SecuritySolution]
Load entity store indices from security solution data view
(#195862)\n\n## Summary\r\n\r\n* Update the Entity Store to retrieve
indices from the security solution\r\ndata view.\r\n* Create a new API
that updates all installed entity engine
indices\r\n(`api/entity_store/engines/apply_dataview_indices`)\r\n\r\n\r\n###
How to test it?\r\n* Install the entity store\r\n* Check if the
transform index has the security solutions data view\r\nindices\r\n*
Call `apply_dataview_indices` API; it should not return changes\r\n*
Update the security solution data view indices\r\n* Call
`apply_dataview_indices` API and if the API response contains
the\r\nupdated indices\r\n* Check if the transform index also got
updated\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"489c0901ffd335879d9652424ab15ef9f39cc4cb","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","v9.0.0","Team:
SecuritySolution","backport:prev-minor","Theme:
entity_analytics","Feature:Entity Analytics","Team:Entity
Analytics"],"title":"[SecuritySolution] Load entity store indices from
security solution data
view","number":195862,"url":"https://github.com/elastic/kibana/pull/195862","mergeCommit":{"message":"[SecuritySolution]
Load entity store indices from security solution data view
(#195862)\n\n## Summary\r\n\r\n* Update the Entity Store to retrieve
indices from the security solution\r\ndata view.\r\n* Create a new API
that updates all installed entity engine
indices\r\n(`api/entity_store/engines/apply_dataview_indices`)\r\n\r\n\r\n###
How to test it?\r\n* Install the entity store\r\n* Check if the
transform index has the security solutions data view\r\nindices\r\n*
Call `apply_dataview_indices` API; it should not return changes\r\n*
Update the security solution data view indices\r\n* Call
`apply_dataview_indices` API and if the API response contains
the\r\nupdated indices\r\n* Check if the transform index also got
updated\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"489c0901ffd335879d9652424ab15ef9f39cc4cb"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/195862","number":195862,"mergeCommit":{"message":"[SecuritySolution]
Load entity store indices from security solution data view
(#195862)\n\n## Summary\r\n\r\n* Update the Entity Store to retrieve
indices from the security solution\r\ndata view.\r\n* Create a new API
that updates all installed entity engine
indices\r\n(`api/entity_store/engines/apply_dataview_indices`)\r\n\r\n\r\n###
How to test it?\r\n* Install the entity store\r\n* Check if the
transform index has the security solutions data view\r\nindices\r\n*
Call `apply_dataview_indices` API; it should not return changes\r\n*
Update the security solution data view indices\r\n* Call
`apply_dataview_indices` API and if the API response contains
the\r\nupdated indices\r\n* Check if the transform index also got
updated\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"489c0901ffd335879d9652424ab15ef9f39cc4cb"}}]}]
BACKPORT-->

Co-authored-by: Pablo Machado <pablo.nevesmachado@elastic.co>
2024-10-15 06:14:35 -05:00
Maxim Palenov
d120e66c4b
[8.x] [HTTP/OAS] Include Security Solution domain OAS to production docs (#194132) (#195221)
# Backport

This will backport the following commits from `main` to `8.x`:
- [[HTTP/OAS] Include Security Solution domain OAS to production docs
(#194132)](https://github.com/elastic/kibana/pull/194132)

<!--- Backport version: 8.9.8 -->

### Questions?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Maxim
Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2024-10-04T19:34:25Z","message":"[HTTP/OAS]
Include Security Solution domain OAS to production docs
(#194132)\n\n*Epic:**
https://github.com/elastic/security-team/issues/9401
(internal)\r\n\r\n## Summary\r\n\r\nThis PR includes Security Solution
OpenAPI domain bundles into the production OpenAPI Kibana bundle. The
result Kibana bundler is expected to be published to Bump.sh manually by
@lcawl.","sha":"102297ca151d56c8a7da36c14c72386b4cd225ca","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","docs","Team:
SecuritySolution","backport:prev-minor","Feature:OAS","v8.16.0"],"number":194132,"url":"https://github.com/elastic/kibana/pull/194132","mergeCommit":{"message":"[HTTP/OAS]
Include Security Solution domain OAS to production docs
(#194132)\n\n*Epic:**
https://github.com/elastic/security-team/issues/9401
(internal)\r\n\r\n## Summary\r\n\r\nThis PR includes Security Solution
OpenAPI domain bundles into the production OpenAPI Kibana bundle. The
result Kibana bundler is expected to be published to Bump.sh manually by
@lcawl.","sha":"102297ca151d56c8a7da36c14c72386b4cd225ca"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/194132","number":194132,"mergeCommit":{"message":"[HTTP/OAS]
Include Security Solution domain OAS to production docs
(#194132)\n\n*Epic:**
https://github.com/elastic/security-team/issues/9401
(internal)\r\n\r\n## Summary\r\n\r\nThis PR includes Security Solution
OpenAPI domain bundles into the production OpenAPI Kibana bundle. The
result Kibana bundler is expected to be published to Bump.sh manually by
@lcawl.","sha":"102297ca151d56c8a7da36c14c72386b4cd225ca"}},{"branch":"8.x","label":"v8.16.0","labelRegex":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
2024-10-07 09:29:06 -07:00
Jan Monschke
1186ed4504
[8.x] [Threat Hunting Investigations] Migrate all timeline routes to OpenAPI types (#190238) (#194606)
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Threat Hunting Investigations] Migrate all timeline routes to
OpenAPI types (#190238)](https://github.com/elastic/kibana/pull/190238)

<!--- Backport version: 8.9.8 -->

### Questions?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Jan
Monschke","email":"jan.monschke@elastic.co"},"sourceCommit":{"committedDate":"2024-09-30T18:55:23Z","message":"[Threat
Hunting Investigations] Migrate all timeline routes to OpenAPI types
(#190238)\n\n## Summary\r\n\r\nfixes:
https://github.com/elastic/security-team/issues/10235\r\nfixes:
https://github.com/elastic/security-team/issues/10237\r\n\r\nThis is the
final PR for migrating over all timeline-related schemas and\r\ntypes to
the new generated zod schemas from our OpenAPI specs.
(see\r\nhttps://github.com/elastic/security-team/issues/10110)\r\nOn top
of moving to the new schemas/types, this PR also cleans up usage\r\nof
now outdated types.\r\n\r\nI'm aware of the size of this PR but rest
assured, the changes are easy\r\nto review and for most teams, only a
handful of files need to be\r\nreviewed:\r\n\r\n```markdown\r\n###
elastic/security-defend-workflows\r\n\r\n*
x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_solution_integrations.ts\r\n\r\n###
elastic/security-detection-rule-management\r\n\r\n*
x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.ts\r\n*
x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/perform_timelines_installation.ts\r\n\r\n###
elastic/security-detections-response\r\n\r\n*
x-pack/test/security_solution_cypress/cypress/objects/timeline.ts\r\n\r\n###
elastic/security-engineering-productivity\r\n\r\n*
x-pack/test/security_solution_cypress/cypress/objects/timeline.ts\r\n*
x-pack/test/security_solution_cypress/cypress/tasks/api_calls/timelines.ts\r\n```\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"00789609ad663efffd7b3997ca773fe3ea5511e2","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport:skip","v9.0.0","Team:Threat
Hunting:Investigations","v8.16.0"],"number":190238,"url":"https://github.com/elastic/kibana/pull/190238","mergeCommit":{"message":"[Threat
Hunting Investigations] Migrate all timeline routes to OpenAPI types
(#190238)\n\n## Summary\r\n\r\nfixes:
https://github.com/elastic/security-team/issues/10235\r\nfixes:
https://github.com/elastic/security-team/issues/10237\r\n\r\nThis is the
final PR for migrating over all timeline-related schemas and\r\ntypes to
the new generated zod schemas from our OpenAPI specs.
(see\r\nhttps://github.com/elastic/security-team/issues/10110)\r\nOn top
of moving to the new schemas/types, this PR also cleans up usage\r\nof
now outdated types.\r\n\r\nI'm aware of the size of this PR but rest
assured, the changes are easy\r\nto review and for most teams, only a
handful of files need to be\r\nreviewed:\r\n\r\n```markdown\r\n###
elastic/security-defend-workflows\r\n\r\n*
x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_solution_integrations.ts\r\n\r\n###
elastic/security-detection-rule-management\r\n\r\n*
x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.ts\r\n*
x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/perform_timelines_installation.ts\r\n\r\n###
elastic/security-detections-response\r\n\r\n*
x-pack/test/security_solution_cypress/cypress/objects/timeline.ts\r\n\r\n###
elastic/security-engineering-productivity\r\n\r\n*
x-pack/test/security_solution_cypress/cypress/objects/timeline.ts\r\n*
x-pack/test/security_solution_cypress/cypress/tasks/api_calls/timelines.ts\r\n```\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"00789609ad663efffd7b3997ca773fe3ea5511e2"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/190238","number":190238,"mergeCommit":{"message":"[Threat
Hunting Investigations] Migrate all timeline routes to OpenAPI types
(#190238)\n\n## Summary\r\n\r\nfixes:
https://github.com/elastic/security-team/issues/10235\r\nfixes:
https://github.com/elastic/security-team/issues/10237\r\n\r\nThis is the
final PR for migrating over all timeline-related schemas and\r\ntypes to
the new generated zod schemas from our OpenAPI specs.
(see\r\nhttps://github.com/elastic/security-team/issues/10110)\r\nOn top
of moving to the new schemas/types, this PR also cleans up usage\r\nof
now outdated types.\r\n\r\nI'm aware of the size of this PR but rest
assured, the changes are easy\r\nto review and for most teams, only a
handful of files need to be\r\nreviewed:\r\n\r\n```markdown\r\n###
elastic/security-defend-workflows\r\n\r\n*
x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_solution_integrations.ts\r\n\r\n###
elastic/security-detection-rule-management\r\n\r\n*
x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.ts\r\n*
x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/perform_timelines_installation.ts\r\n\r\n###
elastic/security-detections-response\r\n\r\n*
x-pack/test/security_solution_cypress/cypress/objects/timeline.ts\r\n\r\n###
elastic/security-engineering-productivity\r\n\r\n*
x-pack/test/security_solution_cypress/cypress/objects/timeline.ts\r\n*
x-pack/test/security_solution_cypress/cypress/tasks/api_calls/timelines.ts\r\n```\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"00789609ad663efffd7b3997ca773fe3ea5511e2"}},{"branch":"8.x","label":"v8.16.0","labelRegex":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
2024-10-01 12:06:41 -05:00
Jan Monschke
45b67b9326
[8.x] [Threat Hunting Investigations] Use OpenAPI types in more timeline routes (#189977) (#194581)
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Threat Hunting Investigations] Use OpenAPI types in more timeline
routes (#189977)](https://github.com/elastic/kibana/pull/189977)

<!--- Backport version: 8.9.8 -->

### Questions?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Jan
Monschke","email":"jan.monschke@elastic.co"},"sourceCommit":{"committedDate":"2024-09-24T06:49:44Z","message":"[Threat
Hunting Investigations] Use OpenAPI types in more timeline routes
(#189977)\n\n## Summary\r\n\r\nFixes:
https://github.com/elastic/security-team/issues/10133\r\n\r\nMigrates
some timeline routes to use the newly generated OpenAPI types.\r\nThe
changes mostly affect pinned event and note routes to keep
the\r\nchanges small. Routes that actually accept and return timeline
objects\r\nwill come in a next step.\r\n\r\n\r\n### Checklist\r\n\r\n-
[x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"caad89426c0e790a54cfb6055f09decc3fd9733b","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport:skip","v9.0.0","Team:Threat
Hunting:Investigations","v8.16.0"],"number":189977,"url":"https://github.com/elastic/kibana/pull/189977","mergeCommit":{"message":"[Threat
Hunting Investigations] Use OpenAPI types in more timeline routes
(#189977)\n\n## Summary\r\n\r\nFixes:
https://github.com/elastic/security-team/issues/10133\r\n\r\nMigrates
some timeline routes to use the newly generated OpenAPI types.\r\nThe
changes mostly affect pinned event and note routes to keep
the\r\nchanges small. Routes that actually accept and return timeline
objects\r\nwill come in a next step.\r\n\r\n\r\n### Checklist\r\n\r\n-
[x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"caad89426c0e790a54cfb6055f09decc3fd9733b"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/189977","number":189977,"mergeCommit":{"message":"[Threat
Hunting Investigations] Use OpenAPI types in more timeline routes
(#189977)\n\n## Summary\r\n\r\nFixes:
https://github.com/elastic/security-team/issues/10133\r\n\r\nMigrates
some timeline routes to use the newly generated OpenAPI types.\r\nThe
changes mostly affect pinned event and note routes to keep
the\r\nchanges small. Routes that actually accept and return timeline
objects\r\nwill come in a next step.\r\n\r\n\r\n### Checklist\r\n\r\n-
[x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"caad89426c0e790a54cfb6055f09decc3fd9733b"}},{"branch":"8.x","label":"v8.16.0","labelRegex":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
2024-10-01 10:17:51 -05:00
Abhishek Bhatia
906556a881
[8.x] [Entity Analytics] New API endpoint to cleanup the risk engine installation and data (#191843) (#193989)
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Entity Analytics] New API endpoint to cleanup the risk engine
installation and data
(#191843)](https://github.com/elastic/kibana/pull/191843)

<!--- Backport version: 8.9.8 -->

### Questions?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Abhishek
Bhatia","email":"117628830+abhishekbhatia1710@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-09-25T11:35:24Z","message":"[Entity
Analytics] New API endpoint to cleanup the risk engine installation and
data (#191843)\n\n## Summary\r\n\r\n1. Create a new public API endpoint
:
`DELETE\r\n/api/risk_score/engine/dangerously_delete_data`\r\n\r\n\r\n##
Test cases Result\r\n\r\n```\r\n PASS
x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.test.ts
(7.017 s)\r\n risk engine cleanup route\r\n invokes the risk engine
cleanup route\r\n ✓ should call the router with the correct route and
handler (71 ms)\r\n ✓ returns a 200 when cleanup is successful (64
ms)\r\n ✓ returns a 500 when cleanup is unsuccessful (57 ms)\r\n ✓
returns a 500 when cleanup is unsuccessful with multiple errors (53
ms)\r\n when task manager is unavailable\r\n ✓ returns a 400 when task
manager is unavailable (55 ms)\r\n when user does not have the required
privileges\r\n ✓ returns a 403 when user does not have the required
privileges (88 ms)\r\n```\r\n\r\n\r\n### API Responses\r\n\r\n## When
multiple errors encountered\r\n```\r\n{\r\n \"risk_engine_cleanup\":
false,\r\n \"errors\": [\r\n {\r\n \"seq\": 1,\r\n \"error\":
\"resource_not_found_exception\\n\\tRoot
causes:\\n\\t\\tresource_not_found_exception: Transform with id
[risk_score_latest_transform_default] could not be found\"\r\n },\r\n
{\r\n \"seq\": 2,\r\n \"error\": \"index_not_found_exception\\n\\tRoot
causes:\\n\\t\\tindex_not_found_exception: no such index
[risk-score.risk-score-default]\"\r\n },\r\n {\r\n \"seq\": 3,\r\n
\"error\": \"index_template_missing_exception\\n\\tRoot
causes:\\n\\t\\tindex_template_missing_exception: index_template
[.risk-score.risk-score-default-index-template] missing\"\r\n },\r\n
{\r\n \"seq\": 4,\r\n \"error\":
\"resource_not_found_exception\\n\\tRoot
causes:\\n\\t\\tresource_not_found_exception: .risk-score-mappings\"\r\n
}\r\n ],\r\n \"status_code\": 500\r\n}\r\n```\r\n\r\n##
Success\r\n\r\n```\r\n{\r\n \"risk_engine_cleanup\":
true\r\n}\r\n```\r\n\r\n### Checklist\r\n\r\nDelete any items that are
not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[x]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [x] [Unit
or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n\r\n\r\n###
OpenAPI
spec\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/56d69602-061d-4a01-9d2b-01a8398ffc76)\r\n\r\n\r\n###
For maintainers\r\n\r\n- [ ] This was checked for breaking API changes
and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"22f451b30df3f80974b73314c9db4c8f8a509789","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","v9.0.0","Team:
SecuritySolution","backport:prev-minor","Feature:Entity
Analytics","Team:Entity
Analytics"],"number":191843,"url":"https://github.com/elastic/kibana/pull/191843","mergeCommit":{"message":"[Entity
Analytics] New API endpoint to cleanup the risk engine installation and
data (#191843)\n\n## Summary\r\n\r\n1. Create a new public API endpoint
:
`DELETE\r\n/api/risk_score/engine/dangerously_delete_data`\r\n\r\n\r\n##
Test cases Result\r\n\r\n```\r\n PASS
x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.test.ts
(7.017 s)\r\n risk engine cleanup route\r\n invokes the risk engine
cleanup route\r\n ✓ should call the router with the correct route and
handler (71 ms)\r\n ✓ returns a 200 when cleanup is successful (64
ms)\r\n ✓ returns a 500 when cleanup is unsuccessful (57 ms)\r\n ✓
returns a 500 when cleanup is unsuccessful with multiple errors (53
ms)\r\n when task manager is unavailable\r\n ✓ returns a 400 when task
manager is unavailable (55 ms)\r\n when user does not have the required
privileges\r\n ✓ returns a 403 when user does not have the required
privileges (88 ms)\r\n```\r\n\r\n\r\n### API Responses\r\n\r\n## When
multiple errors encountered\r\n```\r\n{\r\n \"risk_engine_cleanup\":
false,\r\n \"errors\": [\r\n {\r\n \"seq\": 1,\r\n \"error\":
\"resource_not_found_exception\\n\\tRoot
causes:\\n\\t\\tresource_not_found_exception: Transform with id
[risk_score_latest_transform_default] could not be found\"\r\n },\r\n
{\r\n \"seq\": 2,\r\n \"error\": \"index_not_found_exception\\n\\tRoot
causes:\\n\\t\\tindex_not_found_exception: no such index
[risk-score.risk-score-default]\"\r\n },\r\n {\r\n \"seq\": 3,\r\n
\"error\": \"index_template_missing_exception\\n\\tRoot
causes:\\n\\t\\tindex_template_missing_exception: index_template
[.risk-score.risk-score-default-index-template] missing\"\r\n },\r\n
{\r\n \"seq\": 4,\r\n \"error\":
\"resource_not_found_exception\\n\\tRoot
causes:\\n\\t\\tresource_not_found_exception: .risk-score-mappings\"\r\n
}\r\n ],\r\n \"status_code\": 500\r\n}\r\n```\r\n\r\n##
Success\r\n\r\n```\r\n{\r\n \"risk_engine_cleanup\":
true\r\n}\r\n```\r\n\r\n### Checklist\r\n\r\nDelete any items that are
not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[x]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [x] [Unit
or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n\r\n\r\n###
OpenAPI
spec\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/56d69602-061d-4a01-9d2b-01a8398ffc76)\r\n\r\n\r\n###
For maintainers\r\n\r\n- [ ] This was checked for breaking API changes
and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"22f451b30df3f80974b73314c9db4c8f8a509789"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/191843","number":191843,"mergeCommit":{"message":"[Entity
Analytics] New API endpoint to cleanup the risk engine installation and
data (#191843)\n\n## Summary\r\n\r\n1. Create a new public API endpoint
:
`DELETE\r\n/api/risk_score/engine/dangerously_delete_data`\r\n\r\n\r\n##
Test cases Result\r\n\r\n```\r\n PASS
x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.test.ts
(7.017 s)\r\n risk engine cleanup route\r\n invokes the risk engine
cleanup route\r\n ✓ should call the router with the correct route and
handler (71 ms)\r\n ✓ returns a 200 when cleanup is successful (64
ms)\r\n ✓ returns a 500 when cleanup is unsuccessful (57 ms)\r\n ✓
returns a 500 when cleanup is unsuccessful with multiple errors (53
ms)\r\n when task manager is unavailable\r\n ✓ returns a 400 when task
manager is unavailable (55 ms)\r\n when user does not have the required
privileges\r\n ✓ returns a 403 when user does not have the required
privileges (88 ms)\r\n```\r\n\r\n\r\n### API Responses\r\n\r\n## When
multiple errors encountered\r\n```\r\n{\r\n \"risk_engine_cleanup\":
false,\r\n \"errors\": [\r\n {\r\n \"seq\": 1,\r\n \"error\":
\"resource_not_found_exception\\n\\tRoot
causes:\\n\\t\\tresource_not_found_exception: Transform with id
[risk_score_latest_transform_default] could not be found\"\r\n },\r\n
{\r\n \"seq\": 2,\r\n \"error\": \"index_not_found_exception\\n\\tRoot
causes:\\n\\t\\tindex_not_found_exception: no such index
[risk-score.risk-score-default]\"\r\n },\r\n {\r\n \"seq\": 3,\r\n
\"error\": \"index_template_missing_exception\\n\\tRoot
causes:\\n\\t\\tindex_template_missing_exception: index_template
[.risk-score.risk-score-default-index-template] missing\"\r\n },\r\n
{\r\n \"seq\": 4,\r\n \"error\":
\"resource_not_found_exception\\n\\tRoot
causes:\\n\\t\\tresource_not_found_exception: .risk-score-mappings\"\r\n
}\r\n ],\r\n \"status_code\": 500\r\n}\r\n```\r\n\r\n##
Success\r\n\r\n```\r\n{\r\n \"risk_engine_cleanup\":
true\r\n}\r\n```\r\n\r\n### Checklist\r\n\r\nDelete any items that are
not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[x]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [x] [Unit
or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n\r\n\r\n###
OpenAPI
spec\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/56d69602-061d-4a01-9d2b-01a8398ffc76)\r\n\r\n\r\n###
For maintainers\r\n\r\n- [ ] This was checked for breaking API changes
and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"22f451b30df3f80974b73314c9db4c8f8a509789"}}]}]
BACKPORT-->

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2024-09-26 12:19:56 -05:00
Kibana Machine
ce7477005f
[8.x] [Entity Analytics] [Entity Store] Add basic e2e tests and + tidy API route names (#193161) (#193829)
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Entity Analytics] [Entity Store] Add basic e2e tests and + tidy API
route names (#193161)](https://github.com/elastic/kibana/pull/193161)

<!--- Backport version: 9.4.3 -->

### Questions?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Mark
Hopkin","email":"mark.hopkin@elastic.co"},"sourceCommit":{"committedDate":"2024-09-24T08:31:32Z","message":"[Entity
Analytics] [Entity Store] Add basic e2e tests and + tidy API route names
(#193161)\n\n## Summary\r\n\r\nAdds basic end to end tests for the
engine CRUD routes.\r\n\r\nI also noticed there was some inconsistency
in the naming of the API\r\nroutes which I have
fixed.\r\n\r\n---------\r\n\r\nCo-authored-by: machadoum
<pablo.nevesmachado@elastic.co>\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Tiago Vila Verde
<tiago.vilaverde@elastic.co>","sha":"0b4f8774dd933dbfb9cc7816b2484bf5cc25752e","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:
SecuritySolution","backport:prev-minor","Feature:Entity
Analytics","Team:Entity Analytics","v8.16.0"],"title":"[Entity
Analytics] [Entity Store] Add basic e2e tests and + tidy API route
names","number":193161,"url":"https://github.com/elastic/kibana/pull/193161","mergeCommit":{"message":"[Entity
Analytics] [Entity Store] Add basic e2e tests and + tidy API route names
(#193161)\n\n## Summary\r\n\r\nAdds basic end to end tests for the
engine CRUD routes.\r\n\r\nI also noticed there was some inconsistency
in the naming of the API\r\nroutes which I have
fixed.\r\n\r\n---------\r\n\r\nCo-authored-by: machadoum
<pablo.nevesmachado@elastic.co>\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Tiago Vila Verde
<tiago.vilaverde@elastic.co>","sha":"0b4f8774dd933dbfb9cc7816b2484bf5cc25752e"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/193161","number":193161,"mergeCommit":{"message":"[Entity
Analytics] [Entity Store] Add basic e2e tests and + tidy API route names
(#193161)\n\n## Summary\r\n\r\nAdds basic end to end tests for the
engine CRUD routes.\r\n\r\nI also noticed there was some inconsistency
in the naming of the API\r\nroutes which I have
fixed.\r\n\r\n---------\r\n\r\nCo-authored-by: machadoum
<pablo.nevesmachado@elastic.co>\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Tiago Vila Verde
<tiago.vilaverde@elastic.co>","sha":"0b4f8774dd933dbfb9cc7816b2484bf5cc25752e"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Mark Hopkin <mark.hopkin@elastic.co>
2024-09-24 04:58:02 -05:00
Pablo Machado
8a6da9bd78
[8.x] [SecuritySolutions] Create Entity Store 'entities/list' API (#192806) (#193562)
# Backport

This will backport the following commits from `main` to `8.x`:
- [[SecuritySolutions] Create Entity Store 'entities/list' API
(#192806)](https://github.com/elastic/kibana/pull/192806)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2024-09-23 05:07:53 -05:00
Tiago Vila Verde
3c136e9dc6
[8.x] [Security Solution][Entity Analytics] APIs for Entity Store engine (#191986) (#193567)
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution][Entity Analytics] APIs for Entity Store engine
(#191986)](https://github.com/elastic/kibana/pull/191986)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2024-09-20 16:20:31 +01:00
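The two Entity Store commits above (the engine routes from #191986 and the `entities/list` route from #192806) each describe a manual test plan: enable the feature flag under `xpack.securitySolution.enableExperimental` in `kibana.dev.yml`, call `INIT` for `host` and `user`, wait for the transforms, then list engines or entities and finally `DELETE` to remove the transforms. The script below drives that plan end to end. It is an added example, not code from Kibana or from either PR: the route paths are the ones listed in the commit messages, while the response keys (`status`, `engines`, `records`), the `started` status value and the query parameters of `entities/list` are assumptions, as are the Kibana host name and API key. The `kbn-xsrf` header and `Authorization: ApiKey` scheme are standard Kibana API requirements. The `FakeKibana` transport is a constructed stand-in so the script runs offline; against a real instance, omit `send=` and pass the base URL and an API key.

```python
"""Added example, not Kibana's code: drive the Entity Store routes from #191986 and #192806.
Paths come from the commit messages; response keys, the 'started' value and query params are assumed."""
import json
import time
import urllib.error
import urllib.parse
import urllib.request

ENTITY_TYPES = ("host", "user")  # the two engine types the PRs' test plans initialise


class EntityStoreClient:
    def __init__(self, base_url, api_key, send=None):
        self.base_url, self.api_key = base_url.rstrip("/"), api_key
        self._send = send or self._http_send  # ``send`` lets tests inject a fake transport

    def _http_send(self, method, url, body):
        headers = {"kbn-xsrf": "true",  # Kibana rejects non-GET API calls without this header
                   "Authorization": f"ApiKey {self.api_key}", "Content-Type": "application/json"}
        req = urllib.request.Request(url, method=method, headers=headers,
                                     data=None if body is None else json.dumps(body).encode())
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                return resp.status, json.loads(resp.read() or b"null")
        except urllib.error.HTTPError as err:  # Kibana API errors carry a JSON body too
            return err.code, json.loads(err.read() or b"null")

    def _call(self, method, path, body=None, params=None):
        url = self.base_url + path + ("?" + urllib.parse.urlencode(params) if params else "")
        status, payload = self._send(method, url, body)
        if status >= 400:
            raise RuntimeError(f"{method} {path} -> HTTP {status}: {payload}")
        return payload

    @staticmethod
    def _engine_path(entity_type, action=None):
        if entity_type not in ENTITY_TYPES:  # validate before it is interpolated into the URL
            raise ValueError(f"unsupported entity type: {entity_type!r}")
        return f"/api/entity_store/engines/{entity_type}" + (f"/{action}" if action else "")

    def init_engine(self, t):   return self._call("POST", self._engine_path(t, "init"), {})
    def start_engine(self, t):  return self._call("POST", self._engine_path(t, "start"), {})
    def stop_engine(self, t):   return self._call("POST", self._engine_path(t, "stop"), {})
    def get_engine(self, t):    return self._call("GET", self._engine_path(t))
    def delete_engine(self, t): return self._call("DELETE", self._engine_path(t))
    def list_engines(self):     return self._call("GET", "/api/entity_store/engines")

    def list_entities(self, **params):  # the PR does not list the query parameter names
        return self._call("GET", "/api/entity_store/entities/list", params=params or None)

    def wait_until_started(self, t, timeout=120.0, poll=5.0):
        """Poll until the engine reports 'started'; installing its transforms takes a while."""
        deadline = time.monotonic() + timeout
        while (engine := self.get_engine(t)).get("status") != "started":
            if time.monotonic() >= deadline:
                raise TimeoutError(f"{t} engine still {engine.get('status')!r} after {timeout}s")
            time.sleep(poll)
        return engine

    def bootstrap(self, entity_types=ENTITY_TYPES):  # test-plan steps 3-5: init, wait, list
        for t in entity_types:
            self.init_engine(t)
            self.wait_until_started(t)
        return self.list_entities()["records"]

    def teardown(self, entity_types=ENTITY_TYPES):  # DELETE is what removes the transforms
        for t in entity_types:
            self.stop_engine(t)
            self.delete_engine(t)
        return self.list_engines()["engines"]


class FakeKibana:
    """Constructed in-memory stand-in for the routes above, so the script runs offline."""
    def __init__(self):
        self.engines = {}
        self.records = [{"host": {"name": "web-01"}}, {"user": {"name": "alice"}}]  # constructed

    def __call__(self, method, url, body):
        path = urllib.parse.urlparse(url).path
        if method == "GET" and path == "/api/entity_store/engines":
            return 200, {"engines": list(self.engines.values())}
        if method == "GET" and path == "/api/entity_store/entities/list":
            return 200, {"records": list(self.records)}
        parts = path.split("/")  # ['', 'api', 'entity_store', 'engines', <type>, <action>?]
        etype, action = parts[4], (parts[5] if len(parts) > 5 else None)
        if action == "init":
            self.engines[etype] = {"type": etype, "status": "started"}
        elif etype not in self.engines:
            return 404, {"message": f"{etype} engine not found"}
        elif action in ("start", "stop"):
            self.engines[etype]["status"] = "started" if action == "start" else "stopped"
        elif method == "DELETE":
            return 200, {"deleted": self.engines.pop(etype) is not None}
        return 200, self.engines[etype]


if __name__ == "__main__":
    client = EntityStoreClient("https://kibana.example.internal:5601", "<api-key>", send=FakeKibana())
    print("entities:", client.bootstrap(), "engines left:", client.teardown())
```

Two checks worth keeping when adapting this: the entity type is validated against a fixed allow-list before it is placed in the URL, so caller input cannot reach the path, and every non-2xx response is raised rather than silently returned, which is what surfaces a missing feature flag (the routes 404 until `enableExperimental` includes the flag) or a missing `kbn-xsrf` header.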
Kibana Machine
607d71decc
[8.x] [Security Solution][Detection Engine] log ES requests when running rule preview (#191107) (#193425)
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution][Detection Engine] log ES requests when running
rule preview (#191107)](https://github.com/elastic/kibana/pull/191107)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

Co-authored-by: Vitalii Dmyterko <92328789+vitaliidm@users.noreply.github.com>
2024-09-19 10:17:26 -05:00
Marshall Main
3cc7029197
[Security Solution] Quickstart script tooling for Detections and Response (#190634)
## Summary

Creates CLI script tooling for building data, rules, exceptions, and
lists in any (local, cloud, serverless) environment for manual testing.
The initial commits here add generated clients for accessing security
solution, exceptions, and lists APIs and a placeholder script where
those clients are set up for use. See README for more details.

Much of the code in this PR is auto-generated clients. The hand written
code is intended to be primarily in `quickstart/modules/`, where we can
add wrapper code to simplify the process for common test environment
setup. For example, `createValueListException` takes an array of items
and some metadata and automatically creates a new value list and an
exception that references that value list. `/modules/data/` contains
functions to generate documents of arbitrary size, and we can add more
functions to create various other types of documents.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2024-09-06 06:41:57 -07:00