github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-27 18:51:07 -04:00
Code Issues Projects Releases Packages Wiki Activity
Your window into the Elastic Stack
66527 commits 499 branches 518 tags 21 GiB
Find a file
Ash 6e367d94c9
[Serverless][Security Solution][Endpoint] Restrict endpoint exceptions on serverless via plugin sub-features (#164107) 
### What this PR changes

branched from elastic/kibana/pull/163759

- Introduces new AppFeatures package `@kbn/security-solution-features`
with the common logic and `AppFeatureService` to apply offering specific
configurations for Security Solution features independently for
Serverless and ESS. This logic is replacing the earlier `AppFeatures` in
order to introduce new Kibana feature privileges for serverless PLIs so
that new Kibana privileges introduced for serverless PLIs do not
affect/show up as new Kibana feature privileges in ESS.
- Gates endpoint exceptions on alerts/rules based on serverless PLI
configurations. On serverless `Endpoint exceptions` should be
accessible/seen only on endpoint essentials/complete.

New AppFeatures logic architecture diagram:

![Security Solution Features
(Current)](f627406d-43bc-4db5-93b1-4e43eeb6d870)

**Note:** Corresponding API changes related to endpoint exceptions will
be in a new PR, along with the last set of UX changes for hiding the
`Endpoint exceptions` tab from the Rules details page.

### How to review

- Setup for _Servlerless_
  - Run `yarn es snapshot` on a terminal window to start ES.
- Copy `config/serverless.security.yml` to
`config/serverless.security.dev.yml`
- Run `yarn serverless-security --no-base-path` on another terminal
window to start kibana in serverless mode
- Run `node
x-pack/plugins/security_solution/scripts/endpoint/endpoint_agent_emulator.js
--asSuperuser` on a new window and then select `1` to `Load Endoints`
and then `1` to `Run` the loader script. This will load some fake
agents/alerts data to test with.

### Tests (Serverless)

- with 
`{ product_line: 'security', product_tier: 'essentials' }` or `{
product_line: 'security', product_tier: 'complete' }`
and
`{ product_line: 'endpoint', product_tier: 'essentials' }` or `{
product_line: 'endpoint', product_tier: 'complete' }`

1. Navigate to Rules>Shared exception lists via
`http://localhost:5601/app/security/exceptions`
2. Test that you can see `Endpoint Security Exception List` card on the
shared exception lists page.
3. Navigate to `Alerts` page via `app/security/alerts`, you should see
endpoint alerts. If not, then click on `Manage Rules` and then
disable/enable `Endpoint Security` rules. That should trigger alerts to
show up on the Alerts table.
4. Click on `View Details` button under `Actions` column. Once the
flyout is visible, click on `Take Action` and verify that `Add Endpoint
exception` is visible/enabled/clickable on the menu.
5. Click on `More actions` button under `Actions` column and verify that
`Add Endpoint exception` is visible/enabled/clickable on the menu.
6. Click on `Investigate in timeline` button under `Actions` column;
when the timeline view is visible and the alert item is displayed, click
on buttons mentioned in 4. and 5. above and verify the same.
7. Navigate to `Rules`>`DetectionRules`>`Endpoint Security` rule under
the `Rules` table. Select the `Alerts` tab.
8. Click and verify `View details`,`More actions` and `Investigate in
timeline` buttons same as in 4., 5., 6. above.
9. You should be able to see the `Endpoint exceptions` tab as well.
Click and verify that you can see the tab's content.

- with 
`{ product_line: 'security', product_tier: 'essentials' }` or `{
product_line: 'security', product_tier: 'complete' }`
1. Edit `config/serverless.security.dev.yml` so that `endpoint` product
line item is commented out.
2. Test that you can not see `Endpoint Security Exception List` card on
the shared exception lists page.
3. Items 4. 5. 6. as above but the menu items should be disabled. This
can be verified with fake data only as with a real endpoint, endpoint
alerts are actually not visible at all.


### Tests (ESS)
On the ESS side, endpoint exceptions are not affected by this change and
work as usual based on index privileges.

---------

Co-authored-by: semd <sergi.massaneda@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: YulNaumenko <jo.naumenko@gmail.com>
Co-authored-by: Pablo Neves Machado <pablo.nevesmachado@elastic.co>
Co-authored-by: Pablo Machado <machadoum@gmail.com>
2023-08-31 13:35:42 +02:00
.buildkite ESS support for FTR serverless tests. SSL support in kbn/es. kbn/es DX improvements. (#162673) 2023-08-30 13:28:29 -07:00
.ci Upgrade Node.js to 18.17.1 (#163710) 2023-08-14 12:08:27 -05:00
.github [Serverless][Security Solution][Endpoint] Restrict endpoint exceptions on serverless via plugin sub-features (#164107) 2023-08-31 13:35:42 +02:00
api_docs [api-docs] 2023-08-31 Daily api_docs build (#165285) 2023-08-31 00:58:22 -04:00
bundle Update core architecture docs (#164120) 2023-08-21 15:38:24 -04:00
config [node] Enable openssl legacy provider (#163190) 2023-08-30 11:51:10 -07:00
dev_docs [APM Config] Allow API Key environment var (#163153) 2023-08-21 14:39:56 -07:00
docs [node] Enable openssl legacy provider (#163190) 2023-08-30 11:51:10 -07:00
examples remove unneeded usages of isErrorResponse (#164609) 2023-08-28 11:40:26 -06:00
kbn_pm chore(NA): exit early with link for docs when using kbn_pm on windows (#139745) 2023-02-10 15:38:29 +00:00
legacy_rfcs rename @elastic/* packages to @kbn/* (#138957) 2022-08-18 08:54:42 -07:00
licenses Elastic License 2.0 (#90099) 2021-02-03 18:12:39 -08:00
packages [Serverless][Security Solution][Endpoint] Restrict endpoint exceptions on serverless via plugin sub-features (#164107) 2023-08-31 13:35:42 +02:00
plugins [dev/cli] ensure plugins/ and all watch source dirs exist (#78973) 2020-09-30 10:20:44 -07:00
scripts Upgrade re2 from v1.17.7 to v1.20.1 (#162880) 2023-08-04 20:13:13 +02:00
src ESS support for FTR serverless tests. SSL support in kbn/es. kbn/es DX improvements. (#162673) 2023-08-30 13:28:29 -07:00
test [RAM] Autocomplete (#158454) 2023-08-30 19:04:14 -07:00
typings [security_solution] Fix @grep tags in Cypress (#164644) 2023-08-25 13:22:04 +01:00
vars [RAM] Alert table all column fix 2 (#161054) 2023-07-07 09:57:22 -06:00
x-pack [Serverless][Security Solution][Endpoint] Restrict endpoint exceptions on serverless via plugin sub-features (#164107) 2023-08-31 13:35:42 +02:00
.backportrc.json It adds 8.10 into the .backportrc config file (#164259) 2023-08-21 15:15:30 +01:00
.bazelignore Bazel config maintenance (#135442) 2022-07-05 10:20:26 -05:00
.bazeliskversion chore(NA): upgrade bazelisk into v1.11.0 (#125070) 2022-02-09 20:43:57 +00:00
.bazelrc chore(NA): use new and more performant BuildBuddy servers (#130350) 2022-04-18 02:01:38 +01:00
.bazelrc.common Transpile packages on demand, validate all TS projects (#146212) 2022-12-22 19:00:29 -06:00
.bazelversion chore(NA): revert bazel upgrade for v5.2.0 (#135096) 2022-06-24 03:57:21 +01:00
.browserslistrc [browserslist] remove unnecessary browsers (#89186) 2021-01-25 16:30:18 -07:00
.editorconfig .editorconfig MDX files should follow the same rules as MD (#96942) 2021-04-13 11:40:42 -04:00
.eslintignore [NOTICE.txt] Fix notices for Gainsight and FullStory (#146004) 2023-01-13 14:49:43 +01:00
.eslintrc.js [Serverless][Security Solution][Endpoint] Restrict endpoint exceptions on serverless via plugin sub-features (#164107) 2023-08-31 13:35:42 +02:00
.gitattributes
.gitignore Fix @kbn/import-resolver detection of nested node_modules (#162391) 2023-07-25 10:09:05 +02:00
.i18nrc.json [Enterprise Search] Reuse serverless panels on Enterprise Search (#163179) 2023-08-11 19:00:40 +02:00
.node-version Upgrade Node.js to 18.17.1 (#163710) 2023-08-14 12:08:27 -05:00
.npmrc chore(NA): assure puppeteer_skip_chromium_download is applied across every yarn install situation (#88346) 2021-01-14 18:00:23 +00:00
.nvmrc Upgrade Node.js to 18.17.1 (#163710) 2023-08-14 12:08:27 -05:00
.prettierignore [dev] Replace sass-lint with stylelint (#86177) 2021-01-15 11:52:29 -06:00
.prettierrc
.stylelintignore chore(NA): stop grouping bazel out symlink folders (#96066) 2021-04-01 14:16:14 -05:00
.stylelintrc Bump stylelint to ^14 (#136693) 2022-07-20 10:11:00 -05:00
.telemetryrc.json [Telemetry] Fix telemetry-tools TS parser for packages (#149819) 2023-01-31 04:09:09 +03:00
.yarnrc chore(NA): manage npm dependencies within bazel (#92864) 2021-03-03 12:37:20 -05:00
BUILD.bazel Transpile packages on demand, validate all TS projects (#146212) 2022-12-22 19:00:29 -06:00
catalog-info.yaml Qx 282 touchup qg (#164643) 2023-08-24 08:48:31 -05:00
CODE_OF_CONDUCT.md Add CODE_OF_CONDUCT.md (#87439) 2021-02-23 09:01:51 +01:00
CONTRIBUTING.md Update doc slugs to improve analytic tracking, move to appropriate folders (#113630) 2021-10-04 13:36:45 -04:00
FAQ.md Fix small typos in the root md files (#134609) 2022-06-23 09:36:11 -05:00
fleet_packages.json [main] Sync bundled packages with Package Storage (#165300) 2023-08-31 03:50:02 -07:00
github_checks_reporter.json
Jenkinsfile [CI] Disable tracked branch jobs in Jenkins, enable reporting in Buildkite (#112604) 2021-09-21 11:31:15 -04:00
kibana.d.ts fix all violations 2022-04-16 01:37:30 -05:00
LICENSE.txt Elastic License 2.0 (#90099) 2021-02-03 18:12:39 -08:00
nav-kibana-dev.docnav.json Add link to Contributor Newsletter for June/July 2023 (#162961) 2023-08-03 10:24:41 +02:00
NOTICE.txt [FullStory] Update snippet (#153570) 2023-04-18 04:06:05 -07:00
package.json [Serverless][Security Solution][Endpoint] Restrict endpoint exceptions on serverless via plugin sub-features (#164107) 2023-08-31 13:35:42 +02:00
preinstall_check.js Elastic License 2.0 (#90099) 2021-02-03 18:12:39 -08:00
README.md [README] Update version Compatibility with Elasticsearch (#116040) 2022-01-10 10:31:21 -05:00
renovate.json [Logger] Strip ANSI escape codes from the message (#164337) 2023-08-25 11:53:57 +02:00
RISK_MATRIX.mdx Add "Risk Matrix" section to the PR template (#100649) 2021-06-02 14:43:47 +02:00
SECURITY.md Add security policy to the Kibana repository (#85407) 2020-12-10 09:26:00 -05:00
STYLEGUIDE.mdx [styleguide] update path to scss theme (#140742) 2022-09-15 10:41:14 -04:00
tsconfig.base.json [Serverless][Security Solution][Endpoint] Restrict endpoint exceptions on serverless via plugin sub-features (#164107) 2023-08-31 13:35:42 +02:00
tsconfig.browser.json
tsconfig.browser_bazel.json [build_ts_refs] improve caches, allow building a subset of projects (#107981) 2021-08-10 22:12:45 -07:00
tsconfig.json Transpile packages on demand, validate all TS projects (#146212) 2022-12-22 19:00:29 -06:00
TYPESCRIPT.md Fix small typos in the root md files (#134609) 2022-06-23 09:36:11 -05:00
versions.json chore(NA): update versions after v8.9.2 bump (#164193) 2023-08-17 19:51:23 +01:00
WORKSPACE.bazel Upgrade Node.js to 18.17.1 (#163710) 2023-08-14 12:08:27 -05:00
yarn.lock [Serverless][Security Solution][Endpoint] Restrict endpoint exceptions on serverless via plugin sub-features (#164107) 2023-08-31 13:35:42 +02:00

README.md

Kibana

Kibana is your window into the Elastic Stack. Specifically, it's a browser-based analytics and search dashboard for Elasticsearch.

Getting Started

If you just want to try Kibana out, check out the Elastic Stack Getting Started Page to give it a whirl.

If you're interested in diving a bit deeper and getting a taste of Kibana's capabilities, head over to the Kibana Getting Started Page.

Using a Kibana Release

If you want to use a Kibana release in production, give it a test run, or just play around:

Building and Running Kibana, and/or Contributing Code

You might want to build Kibana locally to contribute some code, test out the latest features, or try out an open PR:

Documentation

Visit Elastic.co for the full Kibana documentation.

For information about building the documentation, see the README in elastic/docs.

Version Compatibility with Elasticsearch

Ideally, you should be running Elasticsearch and Kibana with matching version numbers. If your Elasticsearch has an older version number or a newer major number than Kibana, then Kibana will fail to run. If Elasticsearch has a newer minor or patch number than Kibana, then the Kibana Server will log a warning.

Note: The version numbers below are only examples, meant to illustrate the relationships between different types of version numbers.

Situation Example Kibana version Example ES version Outcome
Versions are the same. 7.15.1 7.15.1 💚 OK
ES patch number is newer. 7.15.0 7.15.1 ⚠️ Logged warning
ES minor number is newer. 7.14.2 7.15.0 ⚠️ Logged warning
ES major number is newer. 7.15.1 8.0.0 🚫 Fatal error
ES patch number is older. 7.15.1 7.15.0 ⚠️ Logged warning
ES minor number is older. 7.15.1 7.14.2 🚫 Fatal error
ES major number is older. 8.0.0 7.15.1 🚫 Fatal error

Questions? Problems? Suggestions?

  • If you've found a bug or want to request a feature, please create a GitHub Issue. Please check to make sure someone else hasn't already created an issue for the same topic.
  • Need help using Kibana? Ask away on our Kibana Discuss Forum and a fellow community member or Elastic engineer will be glad to help you out.