Your window into the Elastic Stack
Kenneth Kreindler d5fd19058f
[9.0] [Security solution][AI assistant] bug: encode security labs content to prevent antivirus false positive (#221656) (#222951)
# Backport

This will backport the following commits from `main` to `9.0`:
- [[Security solution][AI assistant] bug: encode security labs content
to prevent antivirus false positive
(#221656)](https://github.com/elastic/kibana/pull/221656)

<!--- Backport version: 10.0.0 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Kenneth
Kreindler","email":"42113355+KDKHD@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-06-06T09:16:48Z","message":"[Security
solution][AI assistant] bug: encode security labs content to prevent
antivirus false positive (#221656)\n\n## Summary\n\nFixes:
https://github.com/elastic/kibana/issues/202114\n\nSummarize your PR. If
it involves visual changes include a screenshot or\ngif.\n\nThis PR
addresses the
following\n[issue](https://github.com/elastic/kibana/issues/202114).\n\n####
Problem \nThe security labs' content is triggering false positive
anti-virus\nalerts from [ESET
cyber\nsecurity](https://www.eset.com/uk/home/cyber-security/?srsltid=AfmBOorLSTn6FfQXm9h4rm2nDpma91Q9-IfHmeUg4TuRL4TvMF9xB-Cc).\nThis
is because the content contains specific words and YARA rules that\nthe
antivirus picks up as malware. The content is not dangerous.\n\n####
Solution \nEncrypt the content so that the Yara rules do not trigger
alerts. The\ncontent is encrypted with AES-256-ECB and the key
`ELASTIC`. The\nencryption is not secure and does not need to be secure
(we just want to\nobfuscate the content).\n\n#### Considerations\n- An
alternative approach to fixing this issue that was considered
was\nbuilding an integration so that the content is only imported
after\nKibana has been started. As a team, we decided against this
because it\nis convenient for airgapped systems to have the secure labs
content\nshipped with the installation.\n- It would be great to test
this fix against many antivirus providers,\nhowever, I haven't found a
tool that lets me do this quickly.\n\n## How to test\n#### Verify the
security labs content is encoded\n- Check out the PR\n- Run the
following\n```bash\nyarn kbn bootstrap\nyarn build\n```\n- The build may
not fully complete locally; however, you should still be\nable to see
the build files at `/build`. Inspect the content of the\nfollowing
folder:\n`build/kibana/node_modules/@kbn/elastic-assistant-plugin/server/knowledge_base/security_labs`\nand
verify that only files ending with `.encoded.md` exist. The content\nof
these files should not be
human-readable.\n\n\n![image](https://github.com/user-attachments/assets/f8b4977d-2962-4cc5-a737-53cedd7b1dad)\n\n####
Verify the security labs content is encoded in the
cloud/serverless\nbuild (optional)\n- Log into docker.elastic.co in your
terminal. Do this by heading to\nhttps://docker-auth.elastic.co/ (more
info\n[here](https://elasticprod.service-now.com/esc?id=kb_article&table=kb_knowledge&sys_id=e8d361c747abb910ffad4438946d439a&recordUrl=kb_view.do%3Fsysparm_article%3DKB0012946))\n-
Use the latest CI run to get the serverless docker image and start
an\ninteractive shell with it:\n```bash\ndocker run -it --rm
docker.elastic.co/kibana-ci/kibana-serverless:pr-221656-ae41a481bbfc
sh\n```\n- Inspect the contents of the following directory and verify
that only\n`.encoded.md` files exist.\n```bash\ncd
node_modules/@kbn/elastic-assistant-plugin/server/knowledge_base/security_labs/\nls\n```\n-
Repeat the last 2 steps for the cloud deployment image (also found
in\nthe CI)\n\n<img width=\"1233\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/5d308537-b0a9-4bd0-a449-6ddae1ca1bfb\"\n/>\n\n####
Verify security labs content can be installed\n- Start Kibana locally\n-
Head over
to\n`http://localhost:5601/app/management/kibana/securityAiAssistantManagement?tab=knowledge_base`\nand
install the knowledge base.\n\n<img width=\"1454\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/e8c4b557-ea45-4c58-96ff-aacce47e9982\"\n/>\n\n-
Check that the security labs content is being installed\n\n<img
width=\"1456\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/e7c2b128-ee94-436e-b4e0-1d48cb9d19cb\"\n/>\n\n-
Once the security labs content is installed, go to the security
AI\nassistant and ask the following: `Which malware is mentioned in
the\nsecurity labs content. Include citations`\n- Verify the assistant
gives a proper response and the citation links to\nthe Elastic Security
Labs page.\n\n<img width=\"859\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/e89e523c-3054-4b8b-a3c3-2857cb1ed8cd\"\n/>\n\n####
Verify antivirus does not trigger (optional)\n- Download and install
ESET Cyber security trial
from\n[here](https://www.eset.com/uk/home/cyber-security/?srsltid=AfmBOorLSTn6FfQXm9h4rm2nDpma91Q9-IfHmeUg4TuRL4TvMF9xB-Cc)\n-
Open up the ESET\n- Click on `custom scan` and run the scan on the
folder
`build/kibana`\n\n\n![image](https://github.com/user-attachments/assets/4404f7cd-cc42-4476-bc05-24a1b67e80de)\n\n-
Expect no alerts to be
triggered\n\n\n![image](https://github.com/user-attachments/assets/45631134-512a-4a4d-ad4b-0de8074aa5aa)\n\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [X] Any text
added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[X]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas
added for features that require explanation or tutorials\n- [X] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [X] If a plugin
configuration key changed, check if it needs to be\nallowlisted in the
cloud and added to the
[docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n-
[X] This was checked for breaking HTTP API changes, and any
breaking\nchanges have been approved by the breaking-change committee.
The\n`release_note:breaking` label should be applied in these
situations.\n- [X] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [X] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n###
Identify risks\n\nDoes this PR introduce any risks? For example,
consider risks like hard\nto test bugs, performance regression,
potential of data loss.\n\nDescribe the risk, its severity, and
mitigation for each identified\nrisk. Invite stakeholders and evaluate
how to proceed before merging.\n\n- [ ] [See some
risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n-
[ ] ...\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>\nCo-authored-by: Garrett Spong
<garrett.spong@elastic.co>\nCo-authored-by: Garrett Spong
<spong@users.noreply.github.com>","sha":"973c8f30a69fa785a149cc50747d99c1db4ce7b6","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","ci:cloud-deploy","ci:project-deploy-security","Team:Security
Generative
AI","backport:version","v9.1.0","v9.0.3","v8.18.3","v8.17.8"],"title":"[Security
solution][AI assistant] bug: encode security labs content to prevent
antivirus false
positive","number":221656,"url":"https://github.com/elastic/kibana/pull/221656","mergeCommit":{"sha":"973c8f30a69fa785a149cc50747d99c1db4ce7b6"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.17"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/221656","number":221656,"mergeCommit":{"sha":"973c8f30a69fa785a149cc50747d99c1db4ce7b6"}},{"branch":"9.0","label":"v9.0.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.8","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Garrett Spong <garrett.spong@elastic.co>
Co-authored-by: Garrett Spong <spong@users.noreply.github.com>
2025-06-06 18:54:49 +02:00
.buildkite [ci] Increase disk for capture_oas_snapshot (#221267) 2025-06-03 18:05:26 -05:00
.devcontainer [9.0] Upgrade to Storybook 8 (#195148) (#214680) 2025-03-19 20:55:47 +02:00
.github [9.0] [Security solution][AI assistant] bug: encode security labs content to prevent antivirus false positive (#221656) (#222951) 2025-06-06 18:54:49 +02:00
api_docs [9.0] [APM] Fix query for transaction marks (#215819) (#216668) 2025-04-01 18:43:53 +01:00
config [9.0] [artifacts] Remove default --openssl-legacy-provider (#213123) (#213173) 2025-03-05 01:34:06 +01:00
dev_docs [9.0] Revert "Removed switchToModelVersionAt from SO API definition (#219029)" (#220059) (#220259) 2025-05-06 18:10:09 +02:00
docs [9.0] Update elastic-managed-llm.md (#222714) (#222744) 2025-06-05 08:09:13 +00:00
examples [9.0] Fix: success message and scroll after adding panel from library (#220122) (#220776) 2025-05-14 08:55:40 +02:00
kbn_pm [9.0] Add conditional switching between EUI releases (#219818) (#221917) 2025-05-30 20:33:19 +02:00
legacy_rfcs [9.0] SKA: Relocate "platform" packages that remain on /packages (#208704) (#212224) 2025-02-28 10:10:29 +01:00
licenses Adds AGPL 3.0 license (#192025) 2024-09-06 19:02:41 -06:00
oas_docs [9.0] [DOCS] Add missing descriptions for metrics.alert.threshold rule (#213181) (#221994) 2025-05-30 08:21:17 +03:00
packages [9.0] Add conditional switching between EUI releases (#219818) (#221917) 2025-05-30 20:33:19 +02:00
plugins
scripts [9.0] SKA: Relocate "platform" packages that remain on /packages (#208704) (#212224) 2025-02-28 10:10:29 +01:00
src [9.0] Upgrade Puppeteer to v24.8.1 (#220310) (#222992) 2025-06-06 12:48:51 -04:00
test [9.0] [Dataview] Fix flaky Dataviews field edit tests by using a single document (#221088) (#222085) 2025-06-04 09:26:28 +02:00
typings make emotion typing global (#200958) 2024-12-05 12:20:43 -06:00
x-pack [9.0] [Security solution][AI assistant] bug: encode security labs content to prevent antivirus false positive (#221656) (#222951) 2025-06-06 18:54:49 +02:00
.backportrc.json chore(NA): adds 8.17 into backportrc (#201065) 2024-11-21 06:05:29 +00:00
.bazelignore Remove references to deleted .ci folder (#177168) 2024-02-20 19:54:21 +01:00
.bazeliskversion
.bazelrc
.bazelrc.common Transpile packages on demand, validate all TS projects (#146212) 2022-12-22 19:00:29 -06:00
.bazelversion chore(NA): revert bazel upgrade for v5.2.0 (#135096) 2022-06-24 03:57:21 +01:00
.browserslistrc Add Firefox ESR to browserlistrc (#184462) 2024-05-29 17:53:18 -05:00
.editorconfig
.eslintignore [9.0] SKA: Relocate "platform" packages that remain on /packages (#208704) (#212224) 2025-02-28 10:10:29 +01:00
.eslintrc.js [9.0] initial @kbn/scout-security plugin (#210433) (#215528) 2025-03-21 23:46:49 +02:00
.gitattributes
.gitignore [9.0] SKA: Relocate "platform" packages that remain on /packages (#208704) (#212224) 2025-02-28 10:10:29 +01:00
.i18nrc.json [9.0] SKA: Fix kebab-case issues in security-threat-hunting packages (#211349) (#211722) 2025-02-19 13:13:48 +01:00
.node-version Upgrade Node.js to 20.18.2 (#207431) 2025-01-22 12:00:14 -06:00
.npmrc [npmrc] Fix puppeteer_skip_download configuration (#177673) 2024-02-22 18:59:01 -07:00
.nvmrc Upgrade Node.js to 20.18.2 (#207431) 2025-01-22 12:00:14 -06:00
.prettierignore
.prettierrc
.puppeteerrc Add .puppeteerrc (#179847) 2024-04-03 09:14:39 -05:00
.stylelintignore
.stylelintrc Bump stylelint to ^14 (#136693) 2022-07-20 10:11:00 -05:00
.telemetryrc.json Sustainable Kibana Architecture: Move modules owned by @elastic/kibana-core (#201653) 2025-01-04 11:47:24 -07:00
.yarnrc
BUILD.bazel Transpile packages on demand, validate all TS projects (#146212) 2022-12-22 19:00:29 -06:00
catalog-info.yaml Configures PagerDuty Backstage Integration for kbn (#208440) 2025-01-27 23:29:11 +00:00
CODE_OF_CONDUCT.md
CONTRIBUTING.md
FAQ.md Fix small typos in the root md files (#134609) 2022-06-23 09:36:11 -05:00
fleet_packages.json [9.0] Sync bundled packages with Package Storage (#222295) 2025-06-05 12:08:19 -04:00
github_checks_reporter.json
kibana.d.ts Adds AGPL 3.0 license (#192025) 2024-09-06 19:02:41 -06:00
LICENSE.txt Adds AGPL 3.0 license (#192025) 2024-09-06 19:02:41 -06:00
NOTICE.txt [api-docs] 2025-01-01 Daily api_docs build (#205342) 2025-01-01 01:37:13 -06:00
package.json [9.0] [Security solution][AI assistant] bug: encode security labs content to prevent antivirus false positive (#221656) (#222951) 2025-06-06 18:54:49 +02:00
preinstall_check.js Adds AGPL 3.0 license (#192025) 2024-09-06 19:02:41 -06:00
README.md
renovate.json [9.0] Splitting out library that requires ESM (#222639) (#222698) 2025-06-04 21:51:17 +00:00
RISK_MATRIX.mdx
run_fleet_setup_parallel.sh Sustainable Kibana Architecture: Move modules owned by @elastic/fleet (#202422) 2024-12-24 15:32:43 +01:00
SECURITY.md
sonar-project.properties [sonarqube] update memory, cpu (#190547) 2024-09-09 16:16:30 -05:00
STYLEGUIDE.mdx [styleguide] update path to scss theme (#140742) 2022-09-15 10:41:14 -04:00
tsconfig.base.json [9.0] [Security solution][AI assistant] bug: encode security labs content to prevent antivirus false positive (#221656) (#222951) 2025-06-06 18:54:49 +02:00
tsconfig.browser.json
tsconfig.browser_bazel.json
tsconfig.json Transpile packages on demand, validate all TS projects (#146212) 2022-12-22 19:00:29 -06:00
TYPESCRIPT.md Fix small typos in the root md files (#134609) 2022-06-23 09:36:11 -05:00
updatecli-compose.yaml deps(updatecli): bump all policies (#195865) 2024-10-15 07:37:12 -05:00
versions.json chore(NA): update versions after v8.17.2 bump (#207411) 2025-01-21 19:12:43 +00:00
WORKSPACE.bazel Upgrade Node.js to 20.18.2 (#207431) 2025-01-22 12:00:14 -06:00
yarn.lock [9.0] [Security solution][AI assistant] bug: encode security labs content to prevent antivirus false positive (#221656) (#222951) 2025-06-06 18:54:49 +02:00

Kibana

Kibana is your window into the Elastic Stack. Specifically, it's a browser-based analytics and search dashboard for Elasticsearch.

Getting Started

If you just want to try Kibana out, check out the Elastic Stack Getting Started Page to give it a whirl.

If you're interested in diving a bit deeper and getting a taste of Kibana's capabilities, head over to the Kibana Getting Started Page.

Using a Kibana Release

If you want to use a Kibana release in production, give it a test run, or just play around:

Building and Running Kibana, and/or Contributing Code

You might want to build Kibana locally to contribute some code, test out the latest features, or try out an open PR:

Documentation

Visit Elastic.co for the full Kibana documentation.

For information about building the documentation, see the README in elastic/docs.

Version Compatibility with Elasticsearch

Ideally, you should be running Elasticsearch and Kibana with matching version numbers. If your Elasticsearch has an older version number or a newer major number than Kibana, then Kibana will fail to run. If Elasticsearch has a newer minor or patch number than Kibana, then the Kibana Server will log a warning.

Note: The version numbers below are only examples, meant to illustrate the relationships between different types of version numbers.

| Situation | Example Kibana version | Example ES version | Outcome |
| --- | --- | --- | --- |
| Versions are the same. | 7.15.1 | 7.15.1 | 💚 OK |
| ES patch number is newer. | 7.15.0 | 7.15.1 | ⚠️ Logged warning |
| ES minor number is newer. | 7.14.2 | 7.15.0 | ⚠️ Logged warning |
| ES major number is newer. | 7.15.1 | 8.0.0 | 🚫 Fatal error |
| ES patch number is older. | 7.15.1 | 7.15.0 | ⚠️ Logged warning |
| ES minor number is older. | 7.15.1 | 7.14.2 | 🚫 Fatal error |
| ES major number is older. | 8.0.0 | 7.15.1 | 🚫 Fatal error |

Questions? Problems? Suggestions?

  • If you've found a bug or want to request a feature, please create a GitHub Issue. Please check to make sure someone else hasn't already created an issue for the same topic.
  • Need help using Kibana? Ask away on our Kibana Discuss Forum and a fellow community member or Elastic engineer will be glad to help you out.