## [Security] `Investigate in Resolver` Timeline Integration
This PR adds a new `Investigate in Resolver` action to the Timeline, and all timeline-based views, including:
- Timeline
- Alert list (i.e. Signals)
- Hosts > Events
- Hosts > External alerts
- Network > External alerts
### Resolver Overlay
When the `Investigate in Resolver` action is clicked, Resolver is displayed in an overlay over the events. The screenshot below has placeholder text where Resolver will be rendered:
The Resolver overlay is closed by clicking the `< Back to events` button shown in the screenshot above.
The state of the timeline is restored when the overlay is closed. The scroll position (within the events), any expanded events, etc, will appear exactly as they were before the Resolver overlay was displayed.
### Case Integration
Users may link directly to a Timeline Resolver view from cases via the `Attach to new case` and `Attach to existing case...` actions show in the screenshot below:
When users click the link in a case, Timeline will automatically open to the Resolver view in the link.
### URL State
Users can directly share Resolver views (in saved Timelines) with other users by copying the Kibana URL to the clipboard when Resolver is open.
When another user pastes the URL in their browser, Timeline will automatically open and display the Resolver view in the URL.
### Enabling the `Investigate in Resolver` action
In this PR, the `Investigate in Resolver` action is only enabled for events where all of the following are true:
- `agent.type` is `endpoint`
- `process.entity_id` exists
### Context passed to Resolver
The only context passed to `Resolver` is the `_id` of the event (when the user clicks `Investigate in Resolver`)
### What's next?
- @oatkiller will replace the placeholder text shown in the screenshots above with the actual call to Resolver in a separate PR
- I will follow-up this PR with additional tests
- The action text `Investigate in Resolver` may be changed in a future PR
- Hide the `Add to case` action in timeline-based views (it's currently visible, but disabled)
* hide timeline on Management pages
* adjust managment page view styles
* Added additional tests for validating no timeline button on management views
* centralize API Path responses and reuse across some tests
* Fix state being reset incorrectly
### Summary
This PR is a follow up to #68864 . That PR used a partial to differentiate between new and existing comments, this meant that comments could be updated when they shouldn't. It was decided in our discussion of exception list schemas that comments should be append only. This PR assures that's the case, but also leaves it open to editing comments (via API). It checks to make sure that users can only update their own comments.
This pr adds convenient license support to dynamic uiActions in x-pack.
Works for actions created with action factories & drilldowns.
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* First round of UX tweaks
- Fixed potential text overflow issue on descriptions
- Removed border around text input when editing description
* Updated the on-failure pipeline description copy
* Properly encode URI component pipeline names
* use xjson editor in flyout
* also hide the test flyout if we are editing a component
* add much stronger dimming effect when in edit mode
* also added dimming effect to moving state
* remove box shadow if dimmed
* add tooltips to dropzones
* fix CITs after master merge
* fix nested rendering of processors tree
* only show the tooltip when the dropzone is unavaiable and visible
* keep white background on dim
* hide controls when moving
* fix on blur bug
* Rename variables and prefix booleans with "is"
* Remove box shadow on all nested tree items
* use classNames as it is intended to be used
* Refactor SCSS values to variables
* Added cancel move button
- also hide the description in move mode when it is empty
- update and refactor some shared sass variables
- some number of sass changes to make labels play nice in move
mode
- changed the logic to not render the buttons when in move mode
instead of display: none on them. The issue is with the tooltip
not hiding when when we change to move mode and the mouse event
"leave" does get through the tooltip element causing tooltips
to hang even though the mouse has left them.
* Fixes for monaco XJSON grammar parser and update form copy
- Monaco XJSON worker was not handling trailing whitespace
- Update copy in the processor configuration form
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* [Endpoint] use rbush to only render resolver nodes that are in view in the DOM
* Add related events code back
* Change processNodePositionsAndEdgeLineSegments selector to return a function that takes optional bounding box
* Refactor selectors to not break original, and not run as often
* Memoize rtree search selector, fix tests
* Update node styles to use style hook, update jest tests
* Fix type change issue in jest test
* redirect app/security to app/security/overview
* missing re-naming initialization
* add unit test for intialization value of indicesExists
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* refactor: 💡 rename folder to "explore_data"
* style: 💄 check for "share" plugin in more semantic way
"explore data" actions use Discover URL generator, which is registered
in "share" plugin, which is optional plugin, so we check for its
existance, because otherwise URL generator is not available.
* refactor: 💡 move KibanaURL to a separate file
* feat: 🎸 add "Explore underlying data" in-chart action
* fix: 🐛 fix imports after refactor
* feat: 🎸 add start.filtersFromContext to embeddable plugin
* feat: 🎸 add type checkers to data plugin
* feat: 🎸 better handle empty filters in Discover URL generator
* feat: 🎸 implement .getUrl() method of explore data in-chart act
* feat: 🎸 add embeddable.filtersAndTimeRangeFromContext()
* feat: 🎸 improve getUrl() method of explore data action
* test: 💍 update test mock
* fix possible stale hashHistory.location in discover
* style: 💄 ensureHashHistoryLocation -> syncHistoryLocations
* docs: ✏️ update autogenerated docs
* test: 💍 add in-chart "Explore underlying data" unit tests
* test: 💍 add in-chart "Explore underlying data" functional tests
* test: 💍 clean-up custom time range after panel action tests
* chore: 🤖 fix embeddable plugin mocks
* chore: 🤖 fix another mock
* test: 💍 add support for new action to pie chart service
Co-authored-by: Anton Dosov <anton.dosov@elastic.co>
This PR migrates all old alerts with the `alerting` consumer to have `alerts` instead.
This is because in 7.9 we changed the feature ID and we need these to remain in sync otherwise the RBAC work (https://github.com/elastic/kibana/pull/67157) will break old alerts.
* Add store class
* fix tests
* fix the createIndex bug
* add reportingstore test
* change function args
* nits
* add test for automatic index creation failure recovery
* [APM] Add callout
Showing a callout to inform the user we have detected a high cardinality in unique transaction names and enabling them how to fix it.
* Changed color and icon
* Updated copy and styling
* Check number of returned buckets
* Add translations and docs
* Update docs link
Co-authored-by: Brandon Morelli <bmorelli25@gmail.com>
* Fix tests
Co-authored-by: Casper Hübertz <casper@formgeist.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Brandon Morelli <bmorelli25@gmail.com>
Introduces migrations into Encrypted Saved Objects.
The two main changes here are:
1. The addition of a createMigration api on the EncryptedSavedObjectsPluginSetup.
2. A change in SavedObjects migration to ensure they don't block the event loop.
Relates to #69642. If the user doesn't have the appropriate privileges for the annotations index, instead of failing with a 500, we now catch the error and log a warning to the console.
* Ingest: Rename datasource Layout prop to `onCancel`
* Endpoint: Policy list - swap use of endpoint package hook for redux middleware
* Endpoint: Add tests cases for `sendGetEndpointSecurityPackage()` method
* Endpoint: add policy list store tests for new action
* Updates list entry schema, exposes exception list client, updates tests
* create new de list schema and unit tests
* updated route unit tests and types to match new list schema
* updated existing DE exceptions code so it should now work as is with updated schema
* test and types cleanup
* cleanup
* update unit test
* updates per feedback
