* Update dependency @elastic/elasticsearch to ^8.0.0-canary.15
* update tests for new error message building mechanism
* fix integration tests
* fix functional test
* mute new type errors
* fix new type errors
* bump es client to canaary.16
* fix integration test
* fix type errors in infra plugin
* mute type error in ml plugin
* fix type errors in monitoring plugin
* fix and mute errors in security solution plugin
* bump version to canary.18
* remove an unnecessary change
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: restrry <restrry@gmail.com>
* [ILM] Added index templates flyout to the edit policy form
* Fixed i18n errors
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Clear flash messages when saving Settings
Previously when making changes to the UI in Settings, the error messages would persist. This PR removes the flash messages when any API requests are made.
* Also reset when staging/removing images
* [ILM] Fixed policy request flyout requiring policy name to show json
* [ILM] Fixed policy name in the request flyout for a new policy
* [ILM] Renamed saveAsNew to isClonedPolicy
* Fixed i18n errors
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* es-query types
* jest and lint
* cc
* options
* type
* types for kuery FUNCTIONS
* doc
* sec fixes
* typey type
* test typescript
* test
* fixes
* test
* cr
* cleanup a bit more
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [Lens] Fixes flakiness in editing pre-existing runtime field
* Field editor changes
* Unskip test
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Converted Grok debugger tests to use standard functional test runner practices.
* Fixed last test.
* Removed old test now that the new test is passing.
* Fixed condition for retry.
* Removed .only to restore test run.
* fixed errors
* Fixed nits.
* Adding telemetry usage counter for create rule API when predefined ID is specified
* Checking explicitly for default space id
* Handling undefined space id when spaces is disabled
* Consolidating logic in single function
* Tracking total usage and custom usage
* balance solutions
* clean up solution changes
* change footer button size
* update management section
* apply max-width to management items
* remove right side items from page header
* add data content update
* illustration poc
* add data content updates per feedback
* img size and alignment
* moved shared images to shared assets folder
* more solutions clean up
* rm unneeded import
* remove references to subtitle and appDescriptions
* update tests and snapshots
* more test and snapshot updates
* restore solution sort order
* ts and jest fixes; thx catherine!
* i18n fixes
* use new `KibanaPageTemplateSolutionNavAvatar` comp
* change solution imgs from png to svg
* update tests and snapshots
* rm spacer and update snapshots
* account for flex margin changes in img offset
* Change "Kibana" overview page text to "Analytics"
* update overview icon to match hp changes
* update snapshots
* center justify solutions and update snapshots
* update snapshots
* title case dev tools and stack management
* update text and snapshots
* fix merge error
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* switch dfa create, runtime, and expanded row json editor to new codeEditor
* add aria label. wrap codeEditor in div to allow data attribute for test
* update functional test service for new code editor
* Remove TODOs
Removes 2 todos:
- in index.tsx, the access is handled somewhere else and visiting any org page as a non-admin results in an error message. No further action needed
- error_state.tsx - this had been completed by Constance in a separate PR but the comment was missed.
* Remove a bunch of unused components
These were left over from the user migration project and mainly have to do with users displayed in the groups section, which is no longer a feature.
* This commit needs no explanition
This was missed in this commit:
19ccd27e04
Refacotred and somehow renaming resulted in this monstrosity 🤦🏼♂️
* Remove source descriptions
Since this commit, these are no longer displayed in the UI
16d089acfd (diff-a4761afc86544a299d0129b749e3001625f5b194b95ebc31303824f8f95f4381L173)
* Set up tsconfigs
- Required if we're going to have several different Cypress suites (one for each plugin/product essentially) in order for global cy.() commands and it()/describe() to register as expected
@see https://docs.cypress.io/guides/tooling/typescript-support#Clashing-types-with-Jest
* Set up shared commands and routes
NOTE: Unlike ent-search, shared/ will *not* have its own set of tests - rather, shared/cypress is a resource/set of helpers for other test suites to extend/import/etc.
* Create basic Enterprise Search Overview E2E tests
- For happy path testing, we _likely_ shouldn't need more than these tests going forward
- If we ever want to add an error connecting test however, this is likely where it should go (or alternatively, use Kibana's FTR with Enterprise Search host set but not spun up)
* Set up App Search Cypress test scaffolding
- placeholder/hello world test only
* Set up Workplace Search Cypress test scaffolding
- placeholder/hello world test only
* Add helper script and update README
* Add config setup & documentation for potentially running Cypress against Kibana functional server
* PR feedback: Fix typescript project names
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Use empty state page template
* Remove unused translations
* Fixed snaps
* Use docLinks service
* Fix test
* Revert "Use docLinks service"
Use exisiting docLinks.ELASTIC_WEBSITE_URL instead
* Update learn more link and test
* fix test
Co-authored-by: cchaos <caroline.horn@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* provide execution context information for task.run and alert.execute
* log default space
* expose setRequestId to plugins for cases when a runtime scope exists outside of requestHandler
* fix typescript errors in jest test files
Unfortunately, some of the tests are still failing. Not quite sure what's
going on, but it looks like the calls to `withContext()` are not returning
the result of the function passed in, but only in the tests. Because the
code seems to run fine when I run Kibana - but perhaps we're just lucky
and don't need the results the tests are looking for, for my simple
smoke tests. But seems unlikely to me - guessing the mock is not being
set up correctly, or there's some weird interaction with jest mocks
and async hooks.
* fix alerting unit tests
* add tests that withContext is called even when exection_context service is disabled
* update docs
* add fakerequestid registration
* do not attach request id when undefined (FakeRequest, for example)
* Revert "add fakerequestid registration"
This reverts commit ca5a396dcc.
* not to expose setRequestId for time being
* cleanup alerting code
* update docs
* add a unit test for alerting execution context
* add a test for execution context of task runner
* improve description readability
* update type definitons
* fall back to unknownId if no requestId is provided
Co-authored-by: Patrick Mueller <pmuellr@gmail.com>
## Summary
Fixes agnostic type bug where in part 1 (#108225), I incorrectly used the same saved object type for both `single` and `agnostic`.
Before the references for SO's were:
```json
"references" : [
{
"name" : "param:exceptionsList_0",
"id" : "endpoint_list",
"type" : "exception-list" <--- This should have been "exception-list-agnostic" type
},
{
"name" : "param:exceptionsList_1",
"id" : "50e3bd70-ef1b-11eb-ad71-7de7959be71c",
"type" : "exception-list"
}
],
```
After:
```json
"references" : [
{
"name" : "param:exceptionsList_0",
"id" : "endpoint_list",
"type" : "exception-list-agnostic" <--- This should now be the "exception-list-agnostic" type
},
{
"name" : "param:exceptionsList_1",
"id" : "50e3bd70-ef1b-11eb-ad71-7de7959be71c",
"type" : "exception-list"
}
],
```
Manual testing: Add a new `security_solution` alert and exception list as well as an endpoint list to it. Then save it
<img width="1581" alt="Screen Shot 2021-08-13 at 5 00 39 PM" src="https://user-images.githubusercontent.com/1151048/129425847-78025aba-6d7a-4a5a-9d4f-950ec664596c.png">
<img width="1571" alt="Screen Shot 2021-08-13 at 5 00 47 PM" src="https://user-images.githubusercontent.com/1151048/129425848-42018331-cac6-4411-8153-3441a8af6f34.png">
Do this query in dev tools:
```json
GET .kibana-hassanabad19/_search
{
"query": {
"terms": {
"alert.alertTypeId": [
"siem.signals"
]
}
},
"size": 10000
}
```
And check to ensure that the references look like the after picture where type has : `"type" : "exception-list-agnostic"` if we have an agnostic list. Ensure that on a page reload that the exception types are still there on the rule. Ensure that there are no errors in the console about not finding the correct SO type or anything else odd.
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* eui to 37.1.0
* i18n tokens
* license checker
* disabled prop
* i18n shapshot
* date title snapshots
* date title formatting
* date title formatting
* Revert "disabled prop"
This reverts commit 68a48c4352.
* date title formatting
* eui to 37.2.0
* trial: outsideClickCloses
* Revert "trial: outsideClickCloses"
This reverts commit 4da2299e4f.
* eui to 37.1.1
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Update title User Experience app
* Second rev.
* Modify breadcrumb to say "Dashboard" instead of "Overview".
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Justin Kambic <justin.kambic@elastic.co>
* set max width on date picker
going with 350px instead of the 250px in the mock in order to fully show the placeholder text for now.
see elastic/security-team/issues/1571
* pad date picker to align with activity log content
see elastic/security-team/issues/1571
* use padding sizes instead
review comments
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* add alert consumers for useTimelineEventDetails
* set entityType to events
* rename to AlertConsumers
* set entityType to alerts
* send entity type to search strategy
* fix import
* fix import
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* update endpoint middleware to load data correctly
fixes kibana/issues/108497
modifies changes done in elastic/kibana/pull/107632
and elastic/kibana/pull/108330
* await results
fixes elastic/kibana/issues/108497
* review comments
* Add a test to cover this case
fixes elastic/kibana/issues/108497
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [RAC][Security Solution][Observability] Add the add to new case and add to existing case actions to observability alerts table
* Remove fake data and make features work with observability data format
* Remove console.log and unused translations
* Remove commented out code
* Remove unneeded copy pasta id, create initializeStore function in timelines
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* WIP: Adding integration test
* Replace threat.indicator mappings with threat.enrichments mappings
The nested threat.indicator mappings were experimental, and replaced by
threat.enrichmentsin ECS 1.10. While these fields are also experimental,
they fix the conflict between CTI data's normal threat.indicator
mappings.
* Add threat.enrichments mappings to our signals template mappings
event.* is no longer nested within here; it was determined that event
fields were not relevant to enrichment. All relevant ECS fieldsets
(file, pe, etc) are now nested under threat.enrichments.
* Update snapshot with newest threat.enrichments mappings
This test is a snapshot of the actual mappings applied by our templates. Looks good to me!
* Update ECS types to match latest
We now have two threat fields we care about for CTI, for legacy and
official ECS.
* Add a basic test for behavior of legacy enriched signals.
They're still queryable by threat.indicator, meaning that any existing
dashboards will still work.
* WIP: First pass at a data migration for CTI signals
* Defines reindex script to move things around
* Adds integration tests to make sure the migration and new mappings
work
* Need to test a few more things and verify corner cases
* Need to extract some helpers from tests
* Bump our template version to ensure devs roll over
Marshall bumped to 55, giving us 10 versions for 7.14.x updates.
However, devs would not otherwise roll over and get my mapping updates
without destroying their signals index and rebuilding (which is also not
the same thing, exactly), so this trades having one higher signals
version for a more streamlined dev workflow.
* More robust guard against data migration
We only attempt to migrate legacy enrichments if the document:
* is a signal from an indicator match rule
* has a `threat.indicator` field
* does not have a `threat.enrichments` field
* Minor reorder of operations to make logic clearer
* Add more assertions around our signals data migration
Tests a few more pieces of the resulting document, giving more
confidence that it's the correct transformation (and mappings).
This also modifies/anonymizes the data that was originally generated on
a work machine.
* Remove outdated note
This was for when these tests were driven via the UI; the API is more
responsive and now synchronization is currently needed here, beyond the
200 responses.
* Fix typo in comment
These fields are in ECS 1.11.
* Update snapshot test
We bumped the version previously, causing this test to become outdated.
* Update ECS typings in timelines plugin
These were copied from the security_solution plugin. I updated those,
but neglected to update these.
Until there's a better mechanism for deduplication here, I'm going to
kick the can and update both for now.
* Update enrichments logic to read/write from threat.enrichments
* indicator match rule logic
* we now simply copy from the specified indicator path, and place that
in `threat.enrichments.indicator`
* event enrichment API logic
* We were previously returning fields from `indicator.*`, we now
include the `indicator.*` suffix in order to be more consistent with
the sibling `matched.*` fields
* row renderer logic
* removal of dataset
* updates relevant to API changes above
* Fix logical error in generating links from indicator fields
We want to link the reference field, not a `first_seen` field.
* Always include the indicator prefix in first-party indicator fields
Prior to this change we would display e.g. `threatintel.indicator.foo`
for investigation enrichment fields. Now that the structure has changed
slightly and we return both `indicator.*` and `matched.*` fields for
existing enrichents, we want to display investigation enrichment
similarly.
* Update indicator match rule integration tests
Now that we've updated our enrichment logic, we need to update our
enrichment tests.
* Remove unused translation
* Update example row renderer data for enriched alerts
* Update parallel CTI constants to get our CTI row renderer working
We were not requesting the necessary fields for our row renderer, since
these constants (specifically CTI_ROW_RENDERER_FIELDS) now exist in both
security_solution and the timelines plugin. I had updated the former,
but only the latter is actually used.
* Update CTI enrichment UI tests
* Update prepackaged threat timeline template with new threat fields
Also bumps the timelineTemplateVersion.
* Update Indicator Match rule tests
These needed three things:
* Update to timeline template (see previous commit)
* Changing expectations from `threat.indicator` to `threat.enrichments`
* Update row renderer expectation to exclude dataset
* Update mock data with newest CTI enrichment fields
* Fix assertion on our threat details
These fields are prefixed with `indicator` now because:
1. This data pertains to the indicator, not the match per se
2. The actual field is prefixed with indicator (or, it at least
specifies an indicator in the case of a custom threat index (via
threat_indicator_path))
* Update test data and tests for our field parsing helpers
* Update more event-parsing tests
Ths one involved updating a mock in another package.
* Modify our helper function to support old filebeat indicators
When we query indicators for enrichment matches, the current expectation
is that we'll be querying 7.14 filebeat modules, which have an indicator
path of 'threatintel.indicator'. The only place that matters on the UI
is on the threat intel panel, where these indicators come back with such
a prefix.
This change has one behavior: it brings back the `provider` field on the
Alert summary tab for queried enrichments from filebeat modules.
* Update variable and method names to be more consistent with internal terminology
Indicators come from a CTI index. Enrichments are the application of
indicator data to other documents, and contain both indicator fields and
matched context.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Export EuiCodeEditor from es_ui_shared and consume it in Grok Debugger. Remove warning from EuiCodeEditor.
* Lazy-load code editor so it doesn't bloat the EsUiShared plugin bundle.
* Refactor mocks into a shared jest_mock.tsx file.
* Wip
* Things are more broken, but closer to the end goal
* Get patch request working
* Update event type
* Other two toggles
* Force sync button
* Remove force sync button for now
* Disable the checkbox when globally disabled and introduce click to save
* Wip tests
* One test down
* Test for skipping name alert
* Linter
* Fix undefined check
* Prettier
* Apply suggestions from code review
Co-authored-by: Scotty Bollinger <scotty.bollinger@elastic.co>
* Refactor some structures into interfaces
* UI tweaks
Co-authored-by: Scotty Bollinger <scotty.bollinger@elastic.co>
- Re-enable display of Pending isolation status on the UI along with a experimental feature flag to be able to turn it back off
- Improves the logic around determining if an isolation action has actually been processed by the Endpoint by looking for an endpoint metadata update whose `event.created` timestamp is more recent than the timestamp on the isolation Action Response. The goal is to minimize/avoid the UX around isolation where a user might not see the result from the Endpoint (isolated or released) after having seen the pending status on the UI.
- Add some protective code around our server side license watcher so that failures are not bubbled up and instead are logged to the kibana logs
- Added new `findHostMetadataForFleetAgents()` method to the `EndpointMetadataService`
- Added test mocks for `EndpointMetadataService` and tests for new method
## Summary
Reduces flake by changing out a Cypress pipe for a `cy.wait`. This UI element does unusual things that make it unfit for Cypress pipe such as multiple clicks against it will cause the component to have a dialog appear and disappear with transition effects which can make pipe not able to click once when the click handler is present.
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- Makes use of ChartContainer to improve the loading behavior of the log log chart to include a loading indicator.
- Improves y axis ticks for the log log chart. Will set the max y domain to the next rounded value with one more digit, for example, if the max y value is 4567, the y domain will be extended to 10000 and 10000 being the top tick. This makes sure we'll always have a top tick, fixes a bug where with low number <10 we'd end up with just a low 1 tick.
- Improves x axis ticks to support different time units.
* Link to add data/beats tutorials when there are no integrations found
* Address PR feedback + fox i18n
* Update integrations page subtitle
Co-authored-by: Kyle Pollich <kpollich1@gmail.com>
* Split function to load endpoint details using parameters
* Add action to load endpoint details
* Moving all the endpoint details content to a separate component
* Rename endpoint details to endpoint details content
* Rename temporal file into EndpointDetails
* Remove unused dispatch
* Refactor ingestPolicies dispatching in the middleware
* First session of copy passes. More to come.
* Setup guide copy changes
* can not → cannot
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Set up tsconfigs
- Required if we're going to have several different Cypress suites (one for each plugin/product essentially) in order for global cy.() commands and it()/describe() to register as expected
@see https://docs.cypress.io/guides/tooling/typescript-support#Clashing-types-with-Jest
* Set up shared commands and routes
NOTE: Unlike ent-search, shared/ will *not* have its own set of tests - rather, shared/cypress is a resource/set of helpers for other test suites to extend/import/etc.
* Create basic Enterprise Search Overview E2E tests
- For happy path testing, we _likely_ shouldn't need more than these tests going forward
- If we ever want to add an error connecting test however, this is likely where it should go (or alternatively, use Kibana's FTR with Enterprise Search host set but not spun up)
* Set up App Search Cypress test scaffolding
- placeholder/hello world test only
* Set up Workplace Search Cypress test scaffolding
- placeholder/hello world test only
* Add helper script and update README
* Add config setup & documentation for potentially running Cypress against Kibana functional server
* PR feedback: Remove unnecessary return true
## Summary
When running the tests for detections like so:
```sh
node scripts/jest.js x-pack/plugins/security_solution/public/detections
```
We see two stack traces come up:
```sh
PASS x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.test.tsx (51.663 s)
● Console
console.error
Warning: React does not recognize the `isActive` prop on a DOM element. If you intentionally want it to appear in the DOM as a custom attribute, spell it as lowercase `isactive` instead. If you accidentally passed it from a parent component, remove it from the DOM element.
in button (created by EuiButtonEmpty)
in EuiButtonEmpty (created by EuiFilterButton)
in EuiFilterButton (created by Styled(EuiFilterButton))
in Styled(EuiFilterButton) (created by AlertsTableFilterGroupComponent)
in div (created by EuiFilterGroup)
in EuiFilterGroup (created by Styled(EuiFilterGroup))
in Styled(EuiFilterGroup) (created by AlertsTableFilterGroupComponent)
in AlertsTableFilterGroupComponent (created by DetectionEnginePageComponent)
in div (created by Display)
in Display (created by DetectionEnginePageComponent)
in div (created by Wrapper)
in Wrapper (created by SecuritySolutionPageWrapperComponent)
in SecuritySolutionPageWrapperComponent (created by DetectionEnginePageComponent)
in div (created by styled.div)
in styled.div (created by DetectionEnginePageComponent)
in DetectionEnginePageComponent (created by ConnectFunction)
in ConnectFunction
in Router
in Provider (created by App)
in App (created by ErrorBoundary)
in ErrorBoundary (created by DragDropContext)
in DragDropContext (created by TestProvidersComponent)
in ThemeProvider (created by TestProvidersComponent)
in Provider (created by TestProvidersComponent)
in Provider
in Unknown (created by TestProvidersComponent)
in PseudoLocaleWrapper (created by I18nProvider)
in IntlProvider (created by I18nProvider)
in I18nProvider (created by TestProvidersComponent)
in TestProvidersComponent (created by WrapperComponent)
in WrapperComponent
at warningWithoutStack (node_modules/react-dom/cjs/react-dom.development.js:530:32)
at warning (node_modules/react-dom/cjs/react-dom.development.js:1018:27)
at validateProperty$1 (node_modules/react-dom/cjs/react-dom.development.js:7462:7)
at warnUnknownProperties (node_modules/react-dom/cjs/react-dom.development.js:7505:19)
at validateProperties$2 (node_modules/react-dom/cjs/react-dom.development.js:7528:3)
at validatePropertiesInDevelopment (node_modules/react-dom/cjs/react-dom.development.js:7575:5)
at setInitialProperties (node_modules/react-dom/cjs/react-dom.development.js:7860:5)
PASS x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.test.tsx (54.841 s)
● Console
console.error
Warning: React does not recognize the `isActive` prop on a DOM element. If you intentionally want it to appear in the DOM as a custom attribute, spell it as lowercase `isactive` instead. If you accidentally passed it from a parent component, remove it from the DOM element.
in button (created by EuiButtonEmpty)
in EuiButtonEmpty (created by EuiFilterButton)
in EuiFilterButton (created by Styled(EuiFilterButton))
in Styled(EuiFilterButton) (created by AlertsTableFilterGroupComponent)
in div (created by EuiFilterGroup)
in EuiFilterGroup (created by Styled(EuiFilterGroup))
in Styled(EuiFilterGroup) (created by AlertsTableFilterGroupComponent)
in AlertsTableFilterGroupComponent (created by RuleDetailsPageComponent)
in div (created by Wrapper)
in Wrapper (created by SecuritySolutionPageWrapperComponent)
in SecuritySolutionPageWrapperComponent (created by RuleDetailsPageComponent)
in div (created by styled.div)
in styled.div (created by RuleDetailsPageComponent)
in RuleDetailsPageComponent (created by ConnectFunction)
in ConnectFunction
in Router
in Provider (created by App)
in App (created by ErrorBoundary)
in ErrorBoundary (created by DragDropContext)
in DragDropContext (created by TestProvidersComponent)
in ThemeProvider (created by TestProvidersComponent)
in Provider (created by TestProvidersComponent)
in Provider
in Unknown (created by TestProvidersComponent)
in PseudoLocaleWrapper (created by I18nProvider)
in IntlProvider (created by I18nProvider)
in I18nProvider (created by TestProvidersComponent)
in TestProvidersComponent (created by WrapperComponent)
in WrapperComponent
at warningWithoutStack (node_modules/react-dom/cjs/react-dom.development.js:530:32)
at warning (node_modules/react-dom/cjs/react-dom.development.js:1018:27)
at validateProperty$1 (node_modules/react-dom/cjs/react-dom.development.js:7462:7)
at warnUnknownProperties (node_modules/react-dom/cjs/react-dom.development.js:7505:19)
at validateProperties$2 (node_modules/react-dom/cjs/react-dom.development.js:7528:3)
at validatePropertiesInDevelopment (node_modules/react-dom/cjs/react-dom.development.js:7575:5)
at setInitialProperties (node_modules/react-dom/cjs/react-dom.development.js:7860:5)
at finalizeInitialChildren (node_modules/react-dom/cjs/react-dom.development.js:9478:3)
```
This is because it looks like we should be using transient variables for styled per [here](https://styled-components.com/docs/api#transient-props)
This was introduced from this [PR](https://github.com/elastic/kibana/pull/107249)
### Checklist
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* Remove outdated top_alerts route and related types
* Remove tests for deleted code
* Remove test for deleted API
* Remove reference to deleted type
* Remove unused translations
* Remove unused mock from story
* Remove no-op alerts page story for now
* Remove unsafe type assertions
* Factor out alert field type
* Compile kbn-io-ts-utils for the browser as well
* Avoid deep import which doesn't work cross-platform
* Revert "Avoid deep import which doesn't work cross-platform"
This reverts commit 492378c6b5.
* Revert "Compile kbn-io-ts-utils for the browser as well"
This reverts commit a1267b139d.
* Revert "Factor out alert field type"
This reverts commit def6987498.
* Revert "Remove unsafe type assertions"
This reverts commit c88d4cd005.
* Remove unsafe type assertions (again)
* add to case action in flyout
* Fix most type errors
* Use context menu item instead of empty button for popover items
* Remove unused import
* Fire action on case modal close
* Update tests to use both components and remove console.log
* Update mocks in unit tests
* Use an onClose prop instead of closeCallbacks
* Pr feedback, create shared mock and rename handler
* Make app usable when timelines is not enabled
* Remove unused translations
* test user with specific roles and permissions
* added SO method logging, added test data stream to the role and modified createindexpattern function
* removed unused method added in settings page
* removed unused index name- logs-*
* remove unused function from settings page
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [ML] Adds initial record score to the anomalies table expanded row content
* [ML] Edits to tooltip text following review
* [ML] Add check for undefined when outputting probability
* very wip
* - Reached first iteration of reporting body value being saved with
the report for **PDF**
- Removed v2 of the reporting since it looks like we may be able
to make a backwards compatible change on existing PDF/PNG
exports
* reintroduced pdfv2 export type, see https://github.com/elastic/kibana/issues/99890\#issuecomment-851527878
* fix a whol bunch of imports
* mapped out a working version for pdf
* refactor to tuples
* added v2 pdf to export type registry
* a lot of hackery to get reports generated in v2
* added png v2, png reports with locator state
* wip: refactored for loading the saved object on the redirect app URL
* major wip: initial stages of reporting redirect app, need to add a way to generate v2 reports!
* added a way to generate a v2 pdf from the example reporting plugin
* updated reporting example app to read and accept forwarded app state
* added reporting locator and updated server-side route to not use Boom
* removed reporting locator for now, first iteration of reports being generated using the reporting redirect app
* version with PNG working
* moved png/v2 -> png_v2
* moved printable_pdf/v2 -> printable_pdf_v2
* updated share public setup and start mocks
* fix types after merging master
* locator -> locatorParams AND added a new endpoint for getting locator params to client
* fix type import
* fix types
* clean up bad imports
* forceNow required on v2 payloads
* reworked create job interface for PNG task payload and updated consumer code report example for forcenow
* put locatorparams[] back onto the reportsource interface because on baseparams it conflicts with the different export type params
* move getCustomLogo and generatePng to common for export types
* additional import fixes
* urls -> url
* chore: fix and update types and fix jest import mocks
* - refactored v2 behaviour to avoid client-side request for locator
instead this value is injected pre-page-load so that the
redirect app can use it
- refactored the interface for the getScreenshot observable
factory. specifically we now expect 'urlsOrUrlTuples' to be
passed in. tested with new and old report types.
* updated the reporting example app to use locator migration for v2 report types
* added functionality for setting forceNow
* added forceNow to job payload for v2 report types and fixed shared components for v2
* write the output of v2 reports to stream
* fix types for forceNow
* added tests for execute job
* added comments, organized imports, removed selectors from report params
* fix some type issues
* feedback: removed duplicated PDF code, cleaned screenshot observable function and other minor tweaks
* use variable (not destructured values) and remove unused import
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [RAC] display timestamp value instead of triggered
* remove unused value
* fix imports
* fix imports
* Update x-pack/plugins/observability/public/pages/alerts/alerts_table_t_grid.tsx
Co-authored-by: Tiago Costa <tiagoffcc@hotmail.com>
* add some explanations
* more explanations
* 108035: change relative time for timestamp to absolute
Co-authored-by: Tiago Costa <tiagoffcc@hotmail.com>
* add alert consumers for useTimelineEventDetails
* set entityType to events
* rename to AlertConsumers
* set entityType to alerts
* send entity type to search strategy
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* add evaluation quality metrics to Classification exploration view
* move type to common file
* fix path
* switch accuracy and recall columns and update MetricItem name
* add evaluation metrics title
* ensure evaluation metrics section is left aligned
* [maps] add indication in layer TOC when layer is filtered by map bounds
* fix i18n id collision
* use ghost color so icons are more visible
* revert icon color change
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Fix role mappings table search not working on some columns
Not searchable columns had non-string data: arrays, objects.
The default implementation of search doesn't perform a search on non-string data.
The solution used here is to have a custom search callback that converts the entire
role mapping object to string and then checks if user query exists in this string.
It was copied and adjusted from example in EUI docs:
https://elastic.github.io/eui/#/tabular-content/in-memory-tables#in-memory-table-with-search-callback
* Fix copy
* Fix the same issue for Users table
The search was not performed on Engines/Groups column.
Also adjust the variable names in role_mappings_table to closely match
variable names in users_table
* [ML] Job import/export calendar and filter warnings
* fixing translation id
* adding export callout
* fixing translation id
* translation ids
* bug in global calendar check
* code clean up based on review
* updating text
* updatiung text
* updating apidoc
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [APM] Displays callout when transaction events are used instead of aggregrated metrics (#107477)
* Apply suggestions from code review
Co-authored-by: Søren Louv-Jansen <sorenlouv@gmail.com>
* PR feedback, and isolates the logic for getting the fallback strategy
* PR feedback
Co-authored-by: Søren Louv-Jansen <sorenlouv@gmail.com>
* Replace more legacy elasticsearch types
* Handle possibly undefined response fields
These are both number | undefined, so we default to 0 if we need a
value. Fixes the type errors resulting from the previous type changes.
## Summary
This is part 1 to addressing the issue seen here: https://github.com/elastic/kibana/issues/101975
This part 1 wires up our rules to be able to `inject` and `extract` parameters from the saved object references. Follow up part 2 (not included here) will do the saved object migrations of existing rules to have the saved object references.
The way the code is written it shouldn't interfere or blow up anything even though the existing rules have not been migrated since we do fallbacks and only log errors when we detect that the saved object references have not been migrated or have been deleted.
Therefore this PR should be migration friendly in that you will only see an occasional error as it serializes and deserializes a non migrated rule without object references but still work both ways. Non-migrated rules or rules with deleted saved object references will self correct during the serialization phase when you edit a rule and save out the modification. This should be migration bug friendly as well in case something does not work out with migrations, we can still have users edit an existing rule to correct the bug.
For manual testing, see the `README.md` in the folder. You should be able to create and modify existing rules and then see in their saved objects that they have `references` pointing to the top level exception list containers with this PR.
* Adds the new folder in `detection_engine/signals/saved_object_references` with all the code needed
* Adds a top level `README.md` about the functionality and tips for new programmers to add their own references
* Adds a generic pattern for adding more saved object references within our rule set
* Adds ~40 unit tests
* Adds additional migration safe logic to de-couple this from required saved object migrations and hopefully helps mitigates any existing bugs within the stack or previous migration bugs a bit for us.
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* Refactor - moved extension types to its own type file
* initial add of new extension point type
* Removes unused imports
* fix import order
* try to fix ts errors
* Add ts types for delete callback and register it. Also add packagePolicy to the delete response
* Use logger instead of console log
* Removes array check
* Try fix some types and added TODO's
* Fix ts errors and remove @ts-ignore 's
* Remove useless ts-ignore
* Remove useless todo
* Remove enforced assertion by checking externalCallbackType
Co-authored-by: Paul Tavares <paul.tavares@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* ensure all hyperparameters are retained on clone
* ensure resultsField is set to default when switch enabled
* Add FeatureProcessor type
* ensure state persists for advanced fields when switching to form
* Remove description column, replace w/ tooltip
* Add upgrade tooltip to version column in package policy table
* Add update policy action
* Add inline upgrade package policy button
* Clean up types + add upgrade CTA's to integrations policy table
* Fix i18n
* Fix button widths
* Upgrade package policy when saving integration w/ upgrade param
* Update edit policy page description for upgrades
* Support setting vars on new package version before saving to upgrade
* Add flyout for JSON of previous policy version
* Compile package policy before displaying in flyout
* Support different success redirects following package policy upgrades
* Fix i18n
* Fix more type errors
* Fix even more type errors 🙃
* Fix type errors
* Don't throw errors for missing vars, include them in missingVars response object
* Update tests for new missingVars field
* Fix failing tests
* Address PR feedback
* Fix missing i18n value
* Fix types
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
### Summary
### Fields used moving forward
`kibana.alert.rule.consumer` will refer to the context in which a rule instance is created. Rules created in:
- stack --> `alerts`
- security solution --> `siem`
- apm --> `apm`
`kibana.alert.rule.producer` will refer to the plugin that registered a rule type. Rules registered in:
- stack --> `alerts`
- security solution --> `siem`
- apm --> `apm`
So an `apm.error_rate` rule created in stack will have:
- consumer: `alerts` and producer: `apm`
An `apm.error_rate` rule created in apm will have:
- consumer: `apm` and producer: `apm`
`kibana.alert.rule.rule_type_id` will refer to a rule's rule type id. Examples:
- `apm.error_rate`
- `siem.signals`
- `siem.threshold`
Also renamed the following because `rule.*` fields are meant to be ecs fields pulled from the source/event document, not refer to our rule fields.
`rule.name` --> `kibana.alert.rule.name` will refer to the rule's name.
`rule.category` --> `kibana.alert.rule.category` will refer to the rule's category.
`rule.id` --> `kibana.alert.rule.uuid` will refer to the rule's uuid.
- Makes sure fields defined in `FIELDS_TO_ADD_AS_CANDIDATE` and prefixed with one of `FIELD_PREFIX_TO_ADD_AS_CANDIDATE` get queried first when retrieving the `correlation` and `ks-test` value.
- Correctly consider the `includeFrozen` parameter.
- The bulk of the PR is a refactor:
- Moves `query_*` files to `queries` directory
- Introduces `asyncSearchServiceStateProvider` to manage the state of the async search service in isolation so that we no longer mutate individual vars or plain objects.
- Introduces `asyncSearchServiceLogProvider` and extends the log to not only store messages but original error messages retrieved from ES too.
- Refactors some more functions in separate files and adds unit tests.
- Removes some deprecated code no longer needed.
* clean up the enqueue job function
* clean up the screenshots observable
* clean up authorized user pre routing
* clean up get_user
* fix download job response handlers
* clean up jobs query factory repetition
* clean up setup deps made available from plugin.ts
* update test for screenshots observable
* Revert "clean up setup deps made available from plugin.ts"
This reverts commit 91de680ebf.
* revert renames
* minor rename
* fix test after rename
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [build_ts_refs] improve caches, allow building a subset of projects
* cleanup project def script and update refs in type check script
* rename browser_bazel config to avoid kebab-case
* remove execInProjects() helper
* list references for tsconfig.types.json for api-extractor workload
* disable composite features of tsconfig.types.json for api-extractor
* set declaration: true to avoid weird debug error
* fix jest tests
Co-authored-by: spalger <spalger@users.noreply.github.com>
* Add brush listener
* Fix back button not working
* [ML] Remove api names in apidoc.json
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fixes https://github.com/elastic/kibana/issues/106233
During an earlier upgrade/fix to our system to add defaults to our types, we overlooked the "author" field which wasn't part of the original rules. Users upgrading might get errors such as:
```
params invalid: Invalid value "undefined" supplied to "author"
```
This fixes that issue by adding a migration for the `author` field for `7.14.1`.
See https://github.com/elastic/kibana/issues/106233 for test instructions or manually remove your author field before upgrading your release and then upgrade and this should be fixed on upgrade.
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
