mirror of https://github.com/elastic/kibana.git synced 2025-06-27 10:40:07 -04:00

History

Pablo Machado 5363883a8d [SecuritySolution] Create PrivMon index import flow (#224822 ) Depends on https://github.com/elastic/kibana/pull/221610 This PR adds the import index workflow to privileged user monitoring and API changes required to support it. ### API Enhancements * New API for privilege monitoring index creation: Added a new API endpoint (`PUT /api/entity_analytics/monitoring/privileges/indices`) to create indices for privilege monitoring with support for `standard` and `lookup` modes. This includes the implementation of request and response schemas (`create_indidex.gen.ts`, `create_indidex.schema.yaml`). [[1]](diffhunk://#diff-68329bb90dea945f343e1637990d5d05bc159e0aa2511ef1e45d37ed1a6cda51R1-R41) [[2]](diffhunk://#diff-e979499654a27b3c1930d63c5b1002113c1c3f53f84ce27a4d75a5c492717a96R1-R42) * Updated privilege monitoring health response: Modified the health response schema to include a `status` field and an optional `error` object for detailed error handling (`privilege_monitoring/health.gen.ts`, `privilege_monitoring/health.schema.yaml`). [[1]](diffhunk://#diff-00f39a3e65a336eaddf7d3203d1370d910f5ecd2062b6cc21d9c06922c12884eR19-R28) [[2]](diffhunk://#diff-83afa72b7a1fc48f3cc063e9fb855190d3525228bc0488fb8b871e112b90e961L22-R33) ### Frontend Integration * *Introduce the create index modal that opens when the create index button is clicked. Onboarding modal improvements: Updated the `AddDataSourcePanel` component to handle index creation more robustly by passing callbacks to the modal (`add_data_source.tsx`). * Error handling in UI: Enhanced the `PrivilegedUserMonitoring` component to display error callouts when privilege monitoring data fails to load (`privileged_user_monitoring/index.tsx`). [[1]](diffhunk://#diff-273ad32c97dcf15c6c6054fd7c5516d587132674578d25986b235cd174c75789R22-R26) [[2]](diffhunk://#diff-273ad32c97dcf15c6c6054fd7c5516d587132674578d25986b235cd174c75789R38-R51) ### How to test it? * Go to the priv mon page with an empty cluster * Click on the data source by the index button * Search for available indices, it should return indices with `user.name.keyword` fields * Click 'create index' and create a new index * Choose the created index and click 'Add privileged users' * You should be redirected to the dashboard (The API is currently not working) ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>		2025-06-24 10:09:06 +01:00
..
build_chromium	[On-Week] Automate chromium linux builds for reporting in Kibana (#212674 )	2025-05-06 22:04:08 +02:00
dev-tools
examples	Optimize existing image assets with lossless compression (#223998 )	2025-06-19 16:44:13 +02:00
packages	Upgrade ES client to 9.0.0-alpha.3 (#208776 )	2025-02-25 14:37:23 +00:00
performance	SKA: Relocate /test to /src/platform/test (#210956 )	2025-03-14 16:57:23 +00:00
platform	[Connector][TheHive] Show rule severity toggle and body jsoneditor in UI (#224669 )	2025-06-24 11:53:46 +03:00
scripts	[Streams] Replay loghub data with synthtrace (#212120 )	2025-03-11 13:30:06 +01:00
solutions	[SecuritySolution] Create PrivMon index import flow (#224822 )	2025-06-24 10:09:06 +01:00
test	[SecuritySolution] Create PrivMon index import flow (#224822 )	2025-06-24 10:09:06 +01:00
test_serverless	[Cloud Security] [Graph Vis] Implement UI enhancements (#222830 )	2025-06-24 07:46:38 +03:00
.gitignore	SKA: Update and breakdown x-pack/.gitignore (#212341 )	2025-02-25 11:34:42 +01:00
.i18nrc.json	[Search][tech-debt] search-navigation improvements (#224497 )	2025-06-23 17:02:28 +01:00
.telemetryrc.json	SKA: Extract list of Kibana solutions into a dedicated package (#213353 )	2025-03-20 10:20:07 +01:00
package.json
README.md	SKA: Relocate "platform" packages that remain on `/packages` (#208704 )	2025-02-24 11:03:30 +00:00

README.md

Elastic License Functionality

This directory tree contains files subject to the Elastic License 2.0. The files subject to the Elastic License 2.0 are grouped in this directory to clearly separate them from files licensed otherwise.

Alert Details page feature flags (feature-flag-per-App)

If you have:

xpack.observability.unsafe.alertDetails.uptime.enabled: true

[For Uptime rule type] In Kibana configuration, will allow the user to navigate to the new Alert Details page, instead of the Alert Flyout when clicking on View alert details in the Alert table

Development

By default, Kibana will run with X-Pack installed as mentioned in the contributing guide.

Elasticsearch will run with a basic license. To run with a trial license, including security, you can specifying that with the yarn es command.

Example: yarn es snapshot --license trial --password changeme

By default, this will also set the password for native realm accounts to the password provided (changeme by default). This includes that of the kibana_system user which elasticsearch.username defaults to in development. If you wish to specify a password for a given native realm account, you can do that like so: --password.kibana_system=notsecure

Testing

For information on testing, see the Elastic functional test development guide.

Running functional tests

The functional UI tests, the API integration tests, and the SAML API integration tests are all run against a live browser, Kibana, and Elasticsearch install. Each set of tests is specified with a unique config that describes how to start the Elasticsearch server, the Kibana server, and what tests to run against them. The sets of tests that exist today are functional UI tests (specified by this config), API integration tests (specified by this config), and SAML API integration tests (specified by this config).

The script runs all sets of tests sequentially like so:

builds Elasticsearch and X-Pack
runs Elasticsearch with X-Pack
starts up the Kibana server with X-Pack
runs the functional UI tests against those servers
tears down the servers
repeats the same process for the API and SAML API integration test configs.

To do all of this in a single command run:

node scripts/functional_tests

Developing functional UI tests

If you are developing functional tests then you probably don't want to rebuild Elasticsearch and wait for all that setup on every test run, so instead use this command to build and start just the Elasticsearch and Kibana servers:

node scripts/functional_tests_server

After the servers are started, open a new terminal and run this command to run just the tests (without tearing down Elasticsearch or Kibana):

node scripts/functional_test_runner

For both of the above commands, it's crucial that you pass in --config to specify the same config file to both commands. This makes sure that the right tests will run against the right servers. Typically a set of tests and server configuration go together.

Read more about how the scripts work here.

For a deeper dive, read more about the way functional tests and servers work here.

Running API integration tests

API integration tests are run with a unique setup usually without UI assets built for the Kibana server.

API integration tests are intended to test only programmatic API exposed by Kibana. There is no need to run browser and simulate user actions, which significantly reduces execution time. In addition, the configuration for API integration tests typically sets optimize.enabled=false for Kibana because UI assets are usually not needed for these tests.

To run only the API integration tests:

node scripts/functional_tests --config test/api_integration/config

Running SAML API integration tests

We also have SAML API integration tests which set up Elasticsearch and Kibana with SAML support. Run only API integration tests with SAML enabled like so:

node scripts/functional_tests --config test/security_api_integration/saml.config

Running Jest integration tests

Jest integration tests can be used to test behavior with Elasticsearch and the Kibana server.

yarn test:jest_integration

Running Reporting functional tests

See here for more information on running reporting tests.

Running Security Solution Cypress E2E/integration tests

See here for information on running this test suite.