# Backport

This will backport the following commits from `main` to `8.x`:

- [[SecuritySolution] Add Service entity type to Entity Analytics (#204437)](https://github.com/elastic/kibana/pull/204437)

<!--- Backport version: 9.6.4 -->

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

Backport metadata:

- Source commit: `6c31cf73ccae9f917038c51b4ad9e5c896f4bd28` on `main`, committed 2025-01-14T13:46:35Z
- Author: Pablo Machado
- Source pull request: https://github.com/elastic/kibana/pull/204437
- Labels: `v9.0.0`, `Team: SecuritySolution`, `release_note:feature`, `Feature:Entity Analytics`, `Team:Entity Analytics`, `backport:version`, `v8.18.0`
- Target branches: `main` (`v9.0.0`, `MERGED`), `8.x` (`v8.18.0`, `NOT_CREATED`)

Source commit message:

[SecuritySolution] Add Service entity type to Entity Analytics (#204437)

## Summary

* Refactor types to prevent usages of `host` and `user`.
  * Use `EntityType` instead.
* Use a generic function that receives `EntityType` as a parameter instead of custom user and host functions
* Consolidate duplicated entity types
* Add service to entity types and update all references on the EntityAnalyticsDashboards page, Risk score page and Entity Store page.
* Refactor Risk score APIs to be more generic and accept EntityType and a param
* Refactor if statements like `isUserRiskScore` to be more generic and accept `service`
* Delete `RiskScoreEntity` in favour of `EntityType`.
* Update the branch to support the universal entity

### Not included

* Service Flyout

### Generic Entity Support

We need to support risk score and asset criticality for Generic/Universal entities according to https://github.com/elastic/security-team/issues/10740

> We expect that the below will be supported:
>
> Entity flyout for service/generic entity
> Entity risk scoring for service/generic entity
> Asset criticality assignments for service/generic entity

This PR already implements that support. However, I have introduced a function per feature that returns the enabled entity types. At the moment, I defined universal/generic entities as unsupported for this PR to preserve the current behaviour. But to allow universal/generic entities, we only need to delete a couple of lines.

Risk Score will need extra work because the entity types are hard-coded on some parts of the code.

### How to test it

1.
   * Start Kibana with security solution data
     * You can use the document generator with `yarn start entity-store`
   * Enable Entity Store and Risk engine
   * Test the EA features, and they should work normally

2.
   * Start Kibana with security solution data
     * You can use the document generator with `yarn start entity-store`
   * Enable the `serviceEntityStoreEnabled` flag
   * Enable Entity Store and Risk engine
   * Test the EA features, and you should see a new type of Entity called 'service'
   * Service Entity should work with all Entity analytics features

3.
   * Start Kibana with security solution data
     * You can use the document generator with `yarn start entity-store`
   * Enable the `assetInventoryStoreEnabled` flag
   * Enable Entity Store and Risk engine
   * Test the EA features, and you should not see universal/generic entity except for the entity store status pages

### Checklist

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

## Release note

Add the "service" type to Security Entity Analytics - Entity Store. It will find services by the `service.name` field, calculate risk score, and allow asset criticality assignment.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Kibana
Kibana is your window into the Elastic Stack. Specifically, it's a browser-based analytics and search dashboard for Elasticsearch.
- Getting Started
- Documentation
- Version Compatibility with Elasticsearch
- Questions? Problems? Suggestions?
Getting Started
If you just want to try Kibana out, check out the Elastic Stack Getting Started Page to give it a whirl.
If you're interested in diving a bit deeper and getting a taste of Kibana's capabilities, head over to the Kibana Getting Started Page.
Using a Kibana Release
If you want to use a Kibana release in production, give it a test run, or just play around:
- Download the latest version on the Kibana Download Page.
- Learn more about Kibana's features and capabilities on the Kibana Product Page.
- We also offer a hosted version of Kibana on our Cloud Service.
Building and Running Kibana, and/or Contributing Code
You might want to build Kibana locally to contribute some code, test out the latest features, or try out an open PR:
- CONTRIBUTING.md will help you get Kibana up and running.
- If you would like to contribute code, please follow our STYLEGUIDE.mdx.
- For all other questions, check out the FAQ.md and wiki.
Documentation
Visit Elastic.co for the full Kibana documentation.
For information about building the documentation, see the README in elastic/docs.
Version Compatibility with Elasticsearch
Ideally, you should be running Elasticsearch and Kibana with matching version numbers. If your Elasticsearch has an older version number or a newer major number than Kibana, then Kibana will fail to run. If Elasticsearch has a newer minor or patch number than Kibana, then the Kibana Server will log a warning.
Note: The version numbers below are only examples, meant to illustrate the relationships between different types of version numbers.
Situation | Example Kibana version | Example ES version | Outcome |
---|---|---|---|
Versions are the same. | 7.15.1 | 7.15.1 | 💚 OK |
ES patch number is newer. | 7.15.0 | 7.15.1 | ⚠️ Logged warning |
ES minor number is newer. | 7.14.2 | 7.15.0 | ⚠️ Logged warning |
ES major number is newer. | 7.15.1 | 8.0.0 | 🚫 Fatal error |
ES patch number is older. | 7.15.1 | 7.15.0 | ⚠️ Logged warning |
ES minor number is older. | 7.15.1 | 7.14.2 | 🚫 Fatal error |
ES major number is older. | 8.0.0 | 7.15.1 | 🚫 Fatal error |
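
The rules in the table above, written as a check that could run before an upgrade or in a deployment pipeline. This is an added example, not code from the Kibana repository: the function names and the `ok`/`warning`/`fatal` labels are assumptions, and the logic follows the table's rows (an older ES patch number is a warning, an older ES minor number is fatal).

```javascript
// Added example (not Kibana's own code): classify a Kibana/Elasticsearch
// version pair according to the compatibility table in this README.

// Parse a strict "major.minor.patch" string; anything else is rejected so a
// malformed or suffixed version is never silently treated as compatible.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  if (!m) throw new TypeError(`not a major.minor.patch version: ${v}`);
  return { major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]) };
}

// Returns "ok", "warning" or "fatal" (hypothetical labels for the table's
// "OK", "Logged warning" and "Fatal error" outcomes).
function classifyCompatibility(kibanaVersion, esVersion) {
  const k = parseVersion(kibanaVersion);
  const es = parseVersion(esVersion);
  if (es.major !== k.major) return "fatal";   // ES major newer or older
  if (es.minor < k.minor) return "fatal";     // ES minor older
  if (es.minor > k.minor) return "warning";   // ES minor newer
  if (es.patch !== k.patch) return "warning"; // ES patch newer or older
  return "ok";                                // versions are the same
}

// Constructed sample: the seven example rows from the table.
const TABLE_ROWS = [
  ["7.15.1", "7.15.1"],
  ["7.15.0", "7.15.1"],
  ["7.14.2", "7.15.0"],
  ["7.15.1", "8.0.0"],
  ["7.15.1", "7.15.0"],
  ["7.15.1", "7.14.2"],
  ["8.0.0", "7.15.1"],
];

// Classify every row, e.g. for a pre-upgrade report.
function classifyTable(rows = TABLE_ROWS) {
  return rows.map(([kibana, es]) => classifyCompatibility(kibana, es));
}

console.log(classifyTable().join(", "));
```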
Questions? Problems? Suggestions?
- If you've found a bug or want to request a feature, please create a GitHub Issue. Please check to make sure someone else hasn't already created an issue for the same topic.
- Need help using Kibana? Ask away on our Kibana Discuss Forum and a fellow community member or Elastic engineer will be glad to help you out.