### Summary
This PR addresses the remaining query preview bugs.
- it adds index, and request information to eql inspect - it seems that for some reason the eql search strategy response returns `null` for the `params.body` in complete responses, but not in partial responses and does not include index info. As a workaround, I set the inspect info on partial responses and manually add index info
- added to-dos pointing this out in the code
- updated eql sequence queries preview to use the last event timestamp of a sequence to display the hits within a histogram
- it checks buckets length to determine noise warning for threshold rules, as opposed to total hit count
- remove unused i18n text
- fixes bug where threshold is being passed in for all rule types as it's always defined in the creation step, added a check to only pass through to `useMatrixHistogram` hook when rule type is threshold
* remove all privileges on hidden saved object type of alert and change alerting privileges to read when read privileges are set for security solution.
* Add empty state for user experience metrics.
* Add empty state for page load duration metrics.
* Add empty state for core web vitals.
* Fix bug injected by these changes.
* Add a test.
* Upgraded eui to v29.5.0; snapshot updates
* Cleaned up some types
* addresses feedback on types change
* Update EuiIcon snapshots in jest integration tests
* Updated snapshot from rebasing on master
This PR addresses a list of legacy code debt the plugin has incurred over the past year due to extensive changes in its internals and the adoption of the Kibana Platform.
It includes:
1. The `TaskManager` class has been split into several independent components: `TaskTypeDictionary`, `TaskPollingLifecycle`, `TaskScheduling`, `Middleware`. This has made it easier to understand the roles of the different parts and makes it easier to plug them into the observability work.
2. The exposed `mocks` have been corrected to correctly express the Kibana Platform api
3. The lifecycle has been corrected to remove the need for intermediary streames/promises which we're needed when we first introduced the `setup`/`start` lifecycle to support legacy.
4. The Logger mocks have been replaced with the platform's `coreMocks` implementation
5. The integration tests now test the plugin's actual public api (instead of the internals).
6. The Legacy Elasticsearch client has been replaced with the typed client in response to the deprecation notice.
7. Typing has been narrowed to prevent the `type` field from conflicting with the key in the `TaskDictionary`. This could have caused the displayed `type` on a task to differ from the `type` used in the Dictionary itself (this broke a test during refactoring and could have caused a bug in production code if left).
* Set service map cursors
* "pointer" when mousing over a node
* "default" when mousing out
* "grabbing" while dragging
Sets the cursor style on the container, not on the individual element.
Since the node can both be clicked (to open a popover) and dragged, I left the cursor on hover as "pointer" to indicate the clickability.
Fixes#64283.
* disable edit button only when there is an action present on the rule to be edited, but the user attempting the edit does not have actions privileges
* adds tooltip to explain why the edit rule button is disabled
* prevent user from editing rules with actions on the all rules table
* adds tooltip to appear on all rules table
* updates tests for missing params and missing mock of useKibana
* disable activate switch on all rules table and rule details page
* remove as casting in favor of a boolean type guard to ensure actions.show capabilities are a boolean even though tye are typed as a boolean | Record
* disable duplicate rule functionality for rules with actions
* fix positioning of tooltips and add tooltip to rule duplicate button in overflow button
* update tests
* WIP - display bulk actions dropdown options as disabled + add tooltips describing why they are disabled
* add eui tool tip as child of of each context menu item
* PR feedback and utilize map of rule ids to rules to replace usage of array.finds
* update snapshot
* fix mocks
* fix mocks
* update wording with feedback from design team
Co-authored-by: Patryk Kopycinski <contact@patrykkopycinski.com>
Co-authored-by: Patryk Kopycinski <contact@patrykkopycinski.com>
* wip
* added missing shared_imports file to index
* initial migration of hot phase to form lib
- tests are now broken
- need to break up the hot_phase file in to meaningful parts
- duplicated set_priority and forcemerge components
* Big refactor
- moved a lot of files around
- removed the need for the state to track whether rollover is set
* Integrate form lib serialization with existing serialization
- refactor serializePolicy -> legacySerializePolicy
- updated serialization of form lib to factor in pre-existing
policy values. These should be interacted with in a non-lossy
way.
* wip on fixing jest tests and some other refactors
* fix jest tests and other refactors
* delete existing hot phase serialization and tests
* beginning of serializer test for hot phase
* added serialization tests for form lib components
* fix some i18n issues
* fixed delete phase integration test
* move hot phase serialization test to pre-existing test location
* fix another jest test issue
* fix ui metric tracking for setting input priority in hot phase
* refactor use rollover switch to form lib component and update validation for number segments in force merge
* readded missing validation 🤦🏼♂️
* fix type check issues and setting of rollover enabled 🙄
* migrate all form lib components to spreading all rest props in EuiFormRow
* added comment to test helper function
* refactor test helper setPhaseIndexPriorityFormLib -> setPhaseIndexPriority
* refactor to use form schema
* Removed use of UseMultiFields component
- also fix missing "key" on react component in unrelated file
- fixed ordering of JSON in test file
- also removed default value from form schema so that when a
value is not set for max size, max docs or max age it will
remain unset in future policies
* update json flyout behaviour
* fix json policy serialization
* Fix type and i18n issues
* do not use form.subscribe
* add missing key value in cells
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fixes false positives that can be caused by empty records in the threat list. Previously I would drop a piece of data in an AND clause if it did not exist in the threat list rather than dropping the entire A clause.
* Adds unit tests
* Adds backend integration tests
* Reduces some boiler plate across the integration tests as suggested in earlier PR reviews
Example is if you create a threat list mapping and add records like so without a field/value such as `host.name`:
```json
"_source" : {
"@timestamp" : "2020-09-10T00:49:13Z",
"source" : {
"ip" : "127.0.0.1",
"port" : "1001"
}
```
And then you would create an "AND" relationship against the data like so using `host.name` which does not exist in your list:
<img width="1060" alt="Screen Shot 2020-10-16 at 7 29 45 AM" src="https://user-images.githubusercontent.com/1151048/96264530-8581b480-0f81-11eb-8ab9-16160d55c26b.png">
What would happen is that part of the AND would drop and you would match all the `source.ip` which gives us false positives or unexpected results. Instead, with this PR we now drop the entire AND clause if it cannot find part of a record.
This protection is per record level, so if you have N records where some M set is missing `host.name` only those M record sets would have this "AND" removed.
If you have 1 or more "OR"'s, it will still match the records against those OR's as long as their inner AND clauses have both records in your list match.
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* Properly unset global state on the listing page
* Fix how we handle global state in getSafeForExternalLink
* Fix breadcrumbs for clusters link
* Fix tests
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
