## Summary
Increases the pre-packaged socket timeout and chunks the requests. Existing e2e tests should cover the changes. Interesting enough, when the server sends back a 408, Chrome will re-send the same request again which can cause socket/network saturations. By increasing the timeout, Chrome will not resend the same request again on timeout.
Right now, there is not a way to increase the timeouts for the alerting framework/saved objects as far as I know for connections. That would be an additional safety measure in additional to doing chunked requests. Chunked requests will ensure that the pre-packaged rule does not exhaust ephemeral ports and limit the concurrent requests.
See this issue talked about below:
https://github.com/sindresorhus/ky/issues/233https://groups.google.com/a/chromium.org/g/chromium-dev/c/urswDsm6Pe0https://medium.com/@lighthopper/connection-retry-schedule-in-chrome-browser-a9c814b7dc20
**Manual testing**
You can bump up the rule version numbers manually through a search and replace and then install them. You can add a `console.trace()` to the backend and slow down the requests to ensure they are not happening more than once.
```
Trace:
at updatePrepackagedRules (/Users/frankhassanabad/projects/kibana/x-pack/plugins/security_solution/server/lib/detection_engine/rules/update_prepacked_rules.ts:34:11)
at createPrepackagedRules (/Users/frankhassanabad/projects/kibana/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/add_prepackaged_rules_route.ts:140:9)
at runMicrotasks (<anonymous>)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at /Users/frankhassanabad/projects/kibana/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/add_prepackaged_rules_route.ts:66:27
at Router.handle (/Users/frankhassanabad/projects/kibana/src/core/server/http/router/router.ts:272:30)
at handler (/Users/frankhassanabad/projects/kibana/src/core/server/http/router/router.ts:227:11)
at exports.Manager.execute (/Users/frankhassanabad/projects/kibana/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
at Object.internals.handler (/Users/frankhassanabad/projects/kibana/node_modules/@hapi/hapi/lib/handler.js:46:20)
at exports.execute (/Users/frankhassanabad/projects/kibana/node_modules/@hapi/hapi/lib/handler.js:31:20)
at Request._lifecycle (/Users/frankhassanabad/projects/kibana/node_modules/@hapi/hapi/lib/request.js:371:32)
at Request._execute (/Users/frankhassanabad/projects/kibana/node_modules/@hapi/hapi/lib/request.js:279:9)
```
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* added osquery mode to autocomplete
* clean up and formatting
* arm wrestling with the compiler
* more fighting with ace types
* Delete v4.5.0.json
removed unused schema file
* playing the hokey pokey with import statements
* lazy load the schema file
* remove include rule now that we are lazy loading schema json
* update out of date comment
* reduce schema file to what is currently being used, add script for formatting generated api files
* added a readme, and points the compiler at the scripts directory
* swip-swapped the argument order, fixed linting complaints
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Creates a new plugins, maps_ems, with `map.*` configs and shared EMS-settings. `maps_legacy` now only supports the `region_map` and `coordinate_map` plugins.
### Summary
Addresses #92732
7.11+ versions of threshold preview histogram were aggregating by "event.category". This PR updates the preview histogram to take into account threshold field groups and cardinality.
It may need to be called out in documentation or updated to remind users that preview is not an exact guarantee of what signals will be produced as it does not take into account interval and any timestamp_override. Threshold gets a tad bit more confusing because of the multiple aggregations occurring (threshold --> group by field --> histogram).
* [Metrics UI] Use memory limit for K8S when available
* removing duplicate key
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Problem
There's a circular dependency https://github.com/elastic/kibana/issues/91111 between the `fleet` and `security_solution` plugins
* `security_solution` depends on `fleet`, but
* `fleet` has (_had_ with this PR) an `import` from `security_solution` (migrations for the 7.11 and 7.12 package policy objects)
## Proposed solution
### (A) This PR
Move the two imported functions from `security` into `fleet`.
### (B) Follow up issue
Putting integration-specific code into `fleet` doesn't scale (technically or cognitively). Discuss if this use case (specifying saved object migrations, etc) applies to other plugins. e.g. can `apm` do this? `nginx`? If so, should we find a way to move this out of `fleet`?
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
closes https://github.com/elastic/kibana/issues/91111
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Add server side API routes & update types expected from server
* Create CurationLogic with GET and PUT listeners
- PUT is mostly placeholder for now, we'll actually use it later in future Curation PRs
* Create Curation view component & page load effect
* Update CurationsRouter to use new view + remove add_result route
- Per design discussion w/ Davey, we'll be removing the standalone add result route in favor of an in-page flyout
* Fleet: adds new service for Artifact storage management
* Fleet: Expose new `createArtifactsClient()` from Fleet `Plugin#start` interface
* Endpoint: Change Endpoint to use FleetArtifactClient and initial implementation of EndpointArtifactClient
* Endpoint: Add `fleetServerEnabled` feature flag to security solution plugin (will be used in next PR)
* Endpoint: Artifact download api adjusted to get artifact from fleet index
* Endpoint: Added new esArchive for artifacts stored in .fleet-artifacts index for API integration tests
* Add custom actions prop to Result component
- will be used by upcoming Curations work to promote and hide documents
* Add Result custom actions to library
+ [misc] export main Result component from index
This PR addresses a potential problem that we have *not yet* encountered in the wild, but could in theory happen.
When choosing the sort value to use as the value of the `latestTimestamp` in the ES Query Rule Type, we assumed that the sort value would be parsable as a Date.
In this PR we ensure we only try to use a sort value *if* it can be parsed into a date.
* Update text and icons to align with Cloud
* Update test to reflect new page title prefix
* Change links conditionally
* Simplify profile link logic
* Add setAsProfile prop for overriding default link
* Address feedback
* remove translations since message has changed
* Tidying up
* Add unit tests.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Aleh Zasypkin <aleh.zasypkin@gmail.com>
* [ML] Adding support for saved object based ml modules
* updating icon mapping
* cleaning up code
* missed private variable
* removing mappings json file
* renaming module id
* updating test
* removing unrelated file
* type clean up
* changing logo type
* changes based on review
* removing fleet changes
* updating type guards
* fixing list module return type
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Remove request facade and update search strategies
* Use typescript
* Type files
* Update structure
* Update tests
* Type annotations
* Fix type for infra
* Type editor_controller
* Type vis_editor
* Type vis_picker
* Fix types
* Type panel_config
* Fix vis data type
* Enhance types
* Remove generics
* Use constant
* Update docs
* Use empty object as default data
* Fix merge conflict
* Fix test suite name
https://github.com/elastic/kibana/pull/94038/files#r590545670
* Move types out of AttributeSelector component to shared types
* Fix random typo
* Add routes and path generator util
* Move constants to shared
* Fix types in mock
* Fix routes
* Fix failing tests
* Make indicator enrichment tests order-independent
Due to the fact that we use named queries to determine matches, and the
fact that the order in which named queries are returned is undefined, we
cannot guarantee a consistent ordering of enrichments if a given event
matches multiple named queries.
Because the ordering is not in itself important to enrichment, in order
to assert the multi-match functionality we must make the assertions
order independent.
* PR feedback
* Since we're only looping for side effects, prefer forEach to map for
more idiomatic FP.
* Remove redundant "_" from icon names
* Move all icons from sources_full_bleed to source_icons
Overwrite existing icons in case of conflicts
* Remove fullbleed prop from source_icon
* Minimize the only unminimized icon
* Remove unused icons
