**Related to:** https://github.com/elastic/kibana/pull/94143
## Summary
This PR adds new fields to the schema (`EventSchema`, `IEvent`):
- standard ECS fields: `error.*`, `event.*`, `log.level`, `log.logger`, `rule.*`
- custom field set `kibana.detection_engine`
We need these fields on the Detections side to implement the detection rule execution log. See the related proposal (https://github.com/elastic/kibana/pull/94143) for more details.
Also, this PR bumps ECS used in Event Log from `1.6.0` to the current `1.8.0` version. They are 100% the same in terms of fields used in Event Log, so no changes in the schema were caused by this version increment.
Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co>
* [TSVB] Enable `dual mode`, support index patterns and strings
* modify UI
* add migration script
* refactoring
* fix CI
* prefill the index pattern name
* modify UI
* modify UI
* update UI
* fix functional test
* some work
* remove callouts
* fix rollup test
* update UI
* fix typo
* add some unit tests
* add functional test
* fix CI
* correct labels
* fix ci group 12
* cleanup interface
* fix CI
* cleanup API
* fix some of PR comments
* move index patterns into so references
* remove wrong logic
* fix JEST
* fix some ui issues
* update sample data
* indexPatternObject -> indexPatternValue
* fix comments
* I have a dashboard with two TSVB viz. One with the default (haven't applied it to the combobox) and one with the logs. The filter contains fields only from the logs index pattern
* When I am on the string mode and try to write my index, sometimes some of the chars are not added or they are deleted while typing, something with the debounce maybe?
* fix merge conflicts
* Does this PR also support runtime fields? I created one from the editor and I see that I can select it
* fix UI issue
* If I create a viz with the string mode and a wildcard e.g. kibana_sample*, the index patterns are not communicated correctly to the dashboard.
* fix import/export refs for dashboard
* remove MigrationPopover
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Split rule executors into different files
* Pass type-specific rule SOs to rule executor functions
* Genericize function to narrow ruleSO type
* Remove undefined return type from getExceptions
* Remove unintentional change to SIGNALS_TEMPLATE_VERSION
* Remove extra validation now covered by schemas
* Remove extra validation from ML rule executor
* Fix types
* syncs schemas
* Revert "syncs schemas"
This reverts commit b1dd59e3f0.
* Fix api test and move threshold executor test
* kinda adds eql test
* Refactor and fix unit tests
* fixes Marshall's mistake
Co-authored-by: Davis Plumlee <davis.plumlee@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Marshall Main <55718608+marshallmain@users.noreply.github.com>
Co-authored-by: Davis Plumlee <davis.plumlee@elastic.co>
* [Alerts][Actions] Added missing telemetry mapping for a new alert and action types: geo-containment, es-query, teams
* fixed mappings
* fixed ML alert type telemetry mappings
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Beginning to move the exceptions UI out of the security solution plugin and into the lists plugin. In order to keep PRs (relatively) small, I plan to move single components at a time. This should also then help more easily pinpoint the source of any issues that come up along the way.
The next couple PRs will focus on the exception builder. This one in particular is focused on moving over the `BuilderEntryItem` which deals with rendering the individual exception item entries. An entry can be of type `match`, `match_any`, `list`, `exists`, or `nested`. The component makes use of the autocomplete fields which use the index patterns to display possible fields and field values.
One of the decisions made in this PR was to have consumers of the `BuilderEntryItem` pass through the autocomplete service as opposed to the `lists` plugin adding it as a dependency. The reason being that it is likely that plugins using the lists plugin will already be consuming either the data plugin or, if alerting takes exceptions in, then they'll be consuming alerting. In an effort to avoid some possible icky circular dependency issues, thought it best to make the service passed in, as we had already been doing with the hooks in the `lists` plugin.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
`/agents/bulk_unenroll` should return a response with a result for each agent given, including invalid or missing ids. It currently returns an empty object. https://github.com/elastic/kibana/issues/90437
[TS type diff for response](dd34e4c5ef/x-pack/plugins/fleet/common/types/rest_spec/agent.ts (L124-L130))
```diff
- // eslint-disable-next-line @typescript-eslint/no-empty-interface
- export interface PostBulkAgentUnenrollResponse {}
+ export type PostBulkAgentUnenrollResponse = Record<
+ Agent['id'],
+ {
+ success: boolean;
+ error?: string;
+ }
+ >;
```
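Review bot: the new `PostBulkAgentUnenrollResponse` keys results by `Agent['id']` with only `success: boolean` and a free-form `error?: string`, but the summary says invalid or missing ids must also get an entry; consider a doc comment on the type stating that an id not found yields `success: false` with an error message, so API consumers get that contract from the type rather than from the handler. Also, since `Record<Agent['id'], …>` is effectively `Record<string, …>`, TypeScript will treat a lookup for any id as defined; if callers index the response by ids they sent, a `Partial<Record<…>>` (or a note that every requested id is guaranteed present) would make the intent explicit.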
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Co-authored-by: John Schulz <john.schulz@elastic.co>
* Rework panels to subdued style
* Fix button when source has been onboarded
* Update content_section test for EuiSpacer
* Update content_section test for EuiSpacer Length
* Lint fix for onboarding_card
* Remove spacer size due to default
Co-authored-by: Scotty Bollinger <scotty.bollinger@elastic.co>
* Remove test line for Spacer now that size=default
Co-authored-by: Scotty Bollinger <scotty.bollinger@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: John Barrier Wilson <johnbarrierwilson@gmail.com>
Co-authored-by: Scotty Bollinger <scotty.bollinger@elastic.co>
* Update EuiPageHeaders with basic titles
* Update engine creation views
- meta engine - move to description
+ misc fix - non-heading EuiTitles that do not match the standalone UI
* Update EuiPageHeaders with simpler actions
* Update Documents page header
+ test reorg - move DocumentCreationButton tests to its own test block
* Update EnginesOverviewHeader (+ refactors)
- Switch from FormattedMessage to i18n to match rest of repo
- Switch to eslint-disable instead of doing a buttonProps workaround (this will get deleted anyway post-migration)
* whoops
Co-authored-by: Constance <constancecchen@users.noreply.github.com>
* [Task Manager] Fixed the behavior of the claiming tasks function failing, when inline scripts are disabled.
* added docs
* fixed test
* added tests
* fixed due to comments
* Fixed docs due to comments
* extended TM configuration changes message with the possible errors description
* Initial commit
* Remove 'API' from title abbreviations
* Merge deprecated warning w/ alternative solution
Co-authored-by: Mike Côté <mikecote@users.noreply.github.com>
* Added sync_master file for tracking/triggering PRs for merging master into feature branch
* removed unnecessary (temporary) markdown file
* Trusted apps by policy api (#88025)
* Initial version of API for trusted apps per policy.
* Fixed compilation errors because of missing new property.
* Mapping from tags to policies and back. (No testing)
* Fixed compilation error after pulling in main.
* Fixed failing tests.
* Separated out the prefix in tag for policy reference into constant.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [SECURITY_SOLUTION][ENDPOINT] Ability to create a Trusted App as either Global or Policy Specific (#88707)
* Create form supports selecting policies or making Trusted app global
* New component `EffectedPolicySelect` - for selecting policies
* Enhanced `waitForAction()` test utility to provide a `validate()` option
* [SECURITY SOLUTION][ENDPOINT] UI for editing Trusted Application items (#89479)
* Add Edit button to TA card UI
* Support additional url params (`show`, `id`)
* Refactor TrustedAppForm to support Editing of an existing entry
* [SECURITY SOLUTION][ENDPOINT] API (`PUT`) for Trusted Apps Edit flow (#90333)
* New API route for Update (`PUT`)
* Connect UI to Update (PUT) API
* Add `version` to TrustedApp type and return it on the API responses
* Refactor - moved some public/server shared modules to top-level `common/*`
* [SECURITY SOLUTION][ENDPOINT] Trusted Apps API to retrieve a single Trusted App item (#90842)
* Get One Trusted App API - route, service, handler
* Adjust UI to call GET api to retrieve trusted app for edit
* Deleted unused trusted app types file
* Add UI handling of non-existing TA for edit or when id is missing in url
* [Security Solution][Endpoint] Multiple misc. updates/fixes for Edit Trusted Apps (#91656)
* correct trusted app schema to ensure `version` is not exposed on TS type for POST
* Added updated_by, updated_on properties to TrustedApp
* Refactored TA List view to fix bug where card was not updated on a successful edit
* Test cases for card interaction from the TA List view
* Change title of policy selection to `Assignment`
* Selectable Policy CSS adjustments based on UX feedback
* Fix failing server tests
* [Security Solution][Endpoint] Trusted Apps list API KQL filtering support (#92611)
* Fix bad merge from master
* Fix trusted apps generator
* Add `kuery` to the GET (list) Trusted Apps api
* Refactor schema with Put method after merging changes with master
* WIP: allow effectScope only when feature flag is enabled
* Fixes errors with non declared logger
* Uses experimental features module to allow or not effectScope on create/update trusted app schema
* Set default value for effectScope when feature flag is disabled
* Adds experimentals into redux store. Also creates hook to retrieve a feature flag value from state
* Hides effectPolicy when feature flag is not enabled
* Fixes unit test mocking hook and adds new test case
* Changes file extension for custom hook
* Adds new unit test for custom hook
* Hides horizontal bar with feature flag
* Compress text area depending on feature flag
* Fixes failing test because feature flag
* Fixes wrong import and unit test
* Throws error if invalid feature flag check
* Adds snapshot checks with feature flag enabled/disabled
* Test snapshots
* Changes type name
* Add experimentalFeatures in app context
* Fixes type checks due to AppContext changes
* Fixes test due to changes on custom hook
Co-authored-by: Paul Tavares <paul.tavares@elastic.co>
Co-authored-by: Bohdan Tsymbala <bohdan.tsymbala@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Paul Tavares <56442535+paul-tavares@users.noreply.github.com>
Co-authored-by: Paul Tavares <paul.tavares@elastic.co>
Co-authored-by: Bohdan Tsymbala <bohdan.tsymbala@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Paul Tavares <56442535+paul-tavares@users.noreply.github.com>
Currently we instantiate the Workplace Search app with server props passed in from the server on initial page load. This data includes the organization name. In our settings section, we poll the server to get updated information, but once the data is changed, the global state does not get updated on a route change. This is only a problem in the case where a user has changed their org name and returns to the overview page before reloading the page. When this happens, the onboarding step asking the user to change their org name is still visible.
Co-authored-by: Scotty Bollinger <scotty.bollinger@elastic.co>
* Cherry-picking 7.12 find total fix
* Starting fix for total bug in master with new field
* Adding feature flag for sub cases
* Disabling case as a connector in security solution
* Adding additional tests for pagination
* Removing other api integration tests
* Fixing up problems from merge
* Fixing sub case tests and type errors
* Renaming comment tag for case connector