* update extra action on rule detail to match design
* remove experimental label
* allow pre-package to be deleted + do not allow wrong user to create pre-packaged rules
* Additional look back minimum value to 1
* fix flow with edit rule
* add success toaster when rule is created or updated
* Fix Timeline selector loading
* review ben doc + change detection engine to detection even in url
* Succeeded text size consistency in rule details page
* fix description of threats
* fix test
* fix type
* fix internationalization
* adding pre-packaged rules
* fix bug + enhance ux
* unified icon
* fix i18n
* fix bugs
* review I
* review II
* add border back
* [Maps] show field icons in data driven styling field select
* only show origin group label when there is more than one origin
* review feedback
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
When we originally implemented Saved Queries we had them overwrite pinned filters on load and on clear. This caused the issue in #53258. If you have a saved query loaded in Discover for example and you navigate to a different app and then back to Discover, that saved query will get reloaded since app state is retained when navigating back and forth between apps. If you created a pinned filter in between visits to Discover, it will get removed when the saved query is reloaded.
This issue made me reconsider our previous decision. I think pinned filters should not be affected by loading or clearing a saved query, since they are pinned they should only be removed if the user explicitly asks for it. This solves the reported issue and I also think it makes the UI more intuitive.
- added `stop()`/`start()` methods to the Saga Middleware creator factory
- adjust tests based on changes
- changed application `renderApp` to stop sagas when react app is unmounted
* Handle locations with names but no geo data.
* Fix broken types, add a comment explaining some weird ts-related code.
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Fix Monitoring plugin Elasticsearch SSL config
Plugin now allows "keystore" and "truststore" values in its
config schema as the documentation currently states.
Plugin also now reads PEM and PKCS12 files off of the filesystem
before attempting to create an Elasticsearch client.
* Add missing Elasticsearch config deprecations
Several Elasticsearch config deprecations were overlooked for
monitoring-specific Elasticsearch settings.
* deprecate msearch
* Missing export
* adjust tests, revert loading method of esaggs/boot
* getInjectedMetadata
* Fix jest tests
* update default strategy abort test
* notice update
* Allow running discover errors test independently
* Remove batchSearches
* Detect painless script error
* don't show notifications for aborted requests
* Fix jest tests
* Restore loader indicator
* Decrease loading count on error
* update search test
* Trigger digest after fetching fresh index patterns
* Revert isEqual
* accurate revert
* Return full error details to client from search endpoint
* Re-throw AbortError from http when user aborts request.
* fix typo
* typo
* Adjust routes jest test
* Restore msearch using a separate es connection
* typescript fixes
* set http service mock
* Move es client to data plugin, for follow up PR
* Add karma mock
* karma mock
* fix tests
* ts
* Pass in version dynamically
* add headers to esClient host
* Restored fetch soon test
Use tap for loadingCount side effects
* Cleanup search params
* Cleanup search params test
* Revert "Cleanup search params"
This reverts commit ca9dea01d5.
* Revert "Cleanup search params test"
This reverts commit 30b9478612.
* Revert code to use old es client until #44302 is resolved
* Revert changes to getPainlessError
* Fix jest test
* Refactor esClient to trigger loadingIndicator
* fixing tests
* use esClient from searchService
* git remove comment
* fix jest
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Remove angular dependency from vis/tooltip
* Move tooltip logic into vislib
* Remove and fix all ngMock refs in vislib tests
* Add numeral to renovate config
* Add vis_type_vislib to codeowners
* Move vis_legend into vislib and fix errors
* vis_type_vislib/public imports to be only top-level
* [ML] formatting for additional timing and model size stats
* [ML] roundToDecimalPlace only average search time
* [ML] adjust functional tests
* [ML] remove debug tag, fix assert value
* [ML] check for no decimal place
* [ML] fix functional tests
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Fix z-index of logs page toolbar
* Extract `FixedDatePicker` from log setup page, and use it in the stream page
* Clean unused import
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
- Fixes passing on the severity value correctly to anomaly explorer charts. The wrong value of undefined being passed down caused anomaly markers not showing up.
- This bug surfaced that the severity value was never applied to filter multi-bucket anomalies which is now also fixed by this PR.
- Adds a check if topInfluencers is an array.
* adds logic for returning / updating status when a rule is switched from enabled to disabled and vice versa.
* update response for find rules statuses to include current status and failures
* update status on demand and on enable/disable
* adds ternary to allow removal of 'let'
* adds savedObjectsClient to the add and update prepackaged rules and import rules route.
* fix bug where convertToSnakeCase would throw error 'cannot convert null or undefined to object' if passed null
* genericize snake_case converter and updates isAuthorized to snake_case (different situation)
* renaming to 'going to run' instead of executing because when task manager exits because of api key error it won't write the error status so the actual status is 'going to run' on the next interval. This is more accurate than being stuck on 'executing' because of an error we don't control and can't write a status for.
* fix missed merge conflict
Co-authored-by: Xavier Mouligneau <189600+XavierM@users.noreply.github.com>
* update extra action on rule detail to match design
* remove experimental label
* allow pre-package to be deleted + do not allow wrong user to create pre-packaged rules
* Additional look back minimum value to 1
* fix flow with edit rule
* add success toaster when rule is created or updated
* Fix Timeline selector loading
* review ben doc + change detection engine to detection even in url
* Succeeded text size consistency in rule details page
* fix description of threats
* fix test
* fix type
* fix internationalization
* Update x-pack/legacy/plugins/siem/public/pages/detection_engine/rules/create/translations.ts
Co-Authored-By: Garrett Spong <spong@users.noreply.github.com>
* Update x-pack/legacy/plugins/siem/public/pages/detection_engine/rules/edit/translations.ts
Co-Authored-By: Garrett Spong <spong@users.noreply.github.com>
* Update x-pack/legacy/plugins/siem/public/pages/detection_engine/rules/components/step_schedule_rule/schema.tsx
Co-Authored-By: Garrett Spong <spong@users.noreply.github.com>
* review I
* fix type
Co-authored-by: Garrett Spong <spong@users.noreply.github.com>
## Summary
Fixes regression with immutable caused from:
https://github.com/elastic/kibana/pull/55004
* Updated types of Prepackaged
* Updated unit tests
* Fixed unit test for it
Testing:
```
./post_rule.sh
{
  "created_at": "2020-01-17T19:11:31.813Z",
  "updated_at": "2020-01-17T19:11:31.813Z",
  "created_by": "elastic_kibana",
  "description": "Query with a rule_id that acts like an external id",
  "enabled": true,
  "false_positives": [],
  "from": "now-6m",
  "id": "41ef6309-ef98-4c9f-8d2d-90a070361fb7",
  "immutable": false,
  "interval": "5m",
  "rule_id": "query-rule-id",
  "language": "kuery",
  "output_index": ".siem-signals-frank-hassanabad-default",
  "max_signals": 100,
  "risk_score": 1,
  "name": "Query with a rule id",
  "query": "user.name: root or user.name: admin",
  "references": [],
  "severity": "high",
  "updated_by": "elastic_kibana",
  "tags": [],
  "to": "now",
  "type": "query",
  "threats": [],
  "version": 1
}
```
Then get the saved object using whatever id comes back from above. In this example it is 41ef6309-ef98-4c9f-8d2d-90a070361fb7; yours will be different.
```
./get_saved_objects.sh alert 41ef6309-ef98-4c9f-8d2d-90a070361fb7
{
  "id": "41ef6309-ef98-4c9f-8d2d-90a070361fb7",
  "type": "alert",
  "updated_at": "2020-01-17T19:11:32.844Z",
  "version": "WzY5NTQsMV0=",
  "attributes": {
    "name": "Query with a rule id",
    "tags": [
      "__internal_rule_id:query-rule-id",
      "__internal_immutable:false"
    ],
    "alertTypeId": "siem.signals",
    "consumer": "siem",
    "params": {
      "createdAt": "2020-01-17T19:11:31.813Z",
      "description": "Query with a rule_id that acts like an external id",
      "ruleId": "query-rule-id",
      "index": null,
      "falsePositives": [],
      "from": "now-6m",
      "immutable": false,
      "query": "user.name: root or user.name: admin",
      "language": "kuery",
      "outputIndex": ".siem-signals-frank-hassanabad-default",
      "savedId": null,
      "timelineId": null,
      "timelineTitle": null,
      "meta": null,
      "filters": null,
      "maxSignals": 100,
      "riskScore": 1,
      "severity": "high",
      "threats": [],
      "to": "now",
      "type": "query",
      "updatedAt": "2020-01-17T19:11:31.813Z",
      "references": [],
      "version": 1
    },
    "schedule": {
      "interval": "5m"
    },
    "enabled": true,
    "actions": [],
    "throttle": null,
    "apiKeyOwner": "elastic_kibana",
    "createdBy": "elastic_kibana",
    "updatedBy": "elastic_kibana",
    "createdAt": "2020-01-17T19:11:32.245Z",
    "muteAll": false,
    "mutedInstanceIds": [],
    "scheduledTaskId": "2c5cc340-395d-11ea-9276-d3c1c264ca9a"
  },
  "references": []
}
```
Ensure you have the internal immutable of "__internal_immutable:false" in your tags.
Next test is to do a find filter of non-packaged rules:
```
./find_rule_by_filter.sh "alert.attributes.tags:%20%22__internal_immutable:false%22"
```
You should get back the above rule and any others you created.
### Checklist
Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR.
~~- [ ] This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~~
~~- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~~
~~- [ ] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~~
- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
~~- [ ] This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~~
### For maintainers
~~- [ ] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~~
- [x] This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
* Use our internal uiSettings mock in all context mocks
We were previously only using our internal uiSettings mock (which
returns real values) in our TestProviders component, as
all tests either needed:
* specific mocks, in which case we'd call jest.mock() ourselves
* broad mocks, for which platform's kibana_react mocks were usually
sufficient
However, a recent addition in the Timeline component added a usage of
uiSettings that could not use the default mock.
With this change, one can either jest.mock('lib/kibana') or use the
TestProviders wrapper to get real values for UI settings in test.
* Remove production code guarding against tests
This coalescence was due to the service not being properly mocked in
test, which is now fixed.
* WIP Fixing map tiles and such
* Small comment and importing map from lodash
* Better destructuring and comments
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>