* first iteration of ilm policy copy - in a callout
* apply James' suggested change
Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com>
### Summary
### Fields used moving forward
`kibana.alert.rule.consumer` will refer to the context in which a rule instance is created. Rules created in:
- stack --> `alerts`
- security solution --> `siem`
- apm --> `apm`
`kibana.alert.rule.producer` will refer to the plugin that registered a rule type. Rules registered in:
- stack --> `alerts`
- security solution --> `siem`
- apm --> `apm`
So an `apm.error_rate` rule created in stack will have:
- consumer: `alerts` and producer: `apm`
An `apm.error_rate` rule created in apm will have:
- consumer: `apm` and producer: `apm`
`kibana.alert.rule.rule_type_id` will refer to a rule's rule type id. Examples:
- `apm.error_rate`
- `siem.signals`
- `siem.threshold`
Also renamed the following because `rule.*` fields are meant to be ECS fields pulled from the source/event document, not to refer to our rule fields.
`rule.name` --> `kibana.alert.rule.name` will refer to the rule's name.
`rule.category` --> `kibana.alert.rule.category` will refer to the rule's category.
`rule.id` --> `kibana.alert.rule.uuid` will refer to the rule's uuid.
- Makes sure fields defined in `FIELDS_TO_ADD_AS_CANDIDATE` and prefixed with one of `FIELD_PREFIX_TO_ADD_AS_CANDIDATE` get queried first when retrieving the `correlation` and `ks-test` value.
- Correctly consider the `includeFrozen` parameter.
- The bulk of the PR is a refactor:
  - Moves `query_*` files to `queries` directory
  - Introduces `asyncSearchServiceStateProvider` to manage the state of the async search service in isolation so that we no longer mutate individual vars or plain objects.
  - Introduces `asyncSearchServiceLogProvider` and extends the log to not only store messages but original error messages retrieved from ES too.
  - Refactors some more functions in separate files and adds unit tests.
  - Removes some deprecated code no longer needed.
* clean up the enqueue job function
* clean up the screenshots observable
* clean up authorized user pre routing
* clean up get_user
* fix download job response handlers
* clean up jobs query factory repetition
* clean up setup deps made available from plugin.ts
* update test for screenshots observable
* Revert "clean up setup deps made available from plugin.ts"
This reverts commit 91de680ebf.
* revert renames
* minor rename
* fix test after rename
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [build_ts_refs] improve caches, allow building a subset of projects
* cleanup project def script and update refs in type check script
* rename browser_bazel config to avoid kebab-case
* remove execInProjects() helper
* list references for tsconfig.types.json for api-extractor workload
* disable composite features of tsconfig.types.json for api-extractor
* set declaration: true to avoid weird debug error
* fix jest tests
Co-authored-by: spalger <spalger@users.noreply.github.com>
* Add brush listener
* Fix back button not working
* [ML] Remove api names in apidoc.json
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fixes https://github.com/elastic/kibana/issues/106233
During an earlier upgrade/fix to our system to add defaults to our types, we overlooked the "author" field which wasn't part of the original rules. Users upgrading might get errors such as:
```
params invalid: Invalid value "undefined" supplied to "author"
```
This fixes that issue by adding a migration for the `author` field for `7.14.1`.
See https://github.com/elastic/kibana/issues/106233 for test instructions, or manually remove your author field before upgrading your release and then upgrade; this should be fixed on upgrade.
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* Should not show edit button on rule management page if rule not editable in stack
* Disabling edit button in collapsed actions
* Adding tests for collapsed item actions component
* Cleanup
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* rename constants and alert types to rules
* update test language
* update BaseRule properties to rule
* change rawAlert to sanitizedRule
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [Maps] filtered out docs with empty entity ids for tracks and top-hits layers
* eslint
* add type check for string fields
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* fixing service inventory responsive design
* truncate service name
* adding unit test
* addressing PR comments
* fixing test
* fixing merge problem
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Adds the model_prune_window setting added in elastic/elasticsearch#75741
to all Security jobs that use functions that support model pruning.
This means that the models for split field values that are not seen for
30 days will be dropped. If those split field values are subsequently seen
again then new models will be created like for completely new entities.
The "rare" function does not support model pruning, so jobs that use
the "rare" function are not modified.
* Ensure install/upgrade of endpoint package first checks to see that fleet is setup
* Delete unused `<Setup />` component
* Test cases for `useUpgradeSecurityPackages()` hook