Commit graph

19 commits

Author SHA1 Message Date
Xavier Mouligneau 4fa3dc46cb
[RAC] T-Grid is moving to a new home (#100265)
* wip

* First pass at standalone and embedded redux stores and usage

* wip

* First pass at standalone and embedded redux stores and usage

* wip

* clean up

* wip

* refact(NA): remove extra pkg_npm target and add specific target folders on @kbn/i18n

* cleanup

* - fixes type errors in tests

* WIP remove use_manage_timeline

* wip add query + selector

* finishing integrating timeline manage context from redux

* integrating t-grid in security solution

* fix RowRender type

* WIP begin to move components from package to plugin

* integration of t-grid inside of security solution

* wip to make redux work

* little trick to make it render

* - fixes a few type errors

* better integration between tgrid and security solutions

* bringing back tsconfig on timeline

* wip integration t-grid in observability

* fix types

* fix type in security solutions

* add type to import + tried to get the bundle size as small as possible

* fix type in integration test

* fix type in integration test

* - fix tests

* clean up to use technical fields

* - fixes unit tests

* - mocks the `useDateFormat` function of the `useKibana` service to fix unit tests

* fix t-grid settings vs create timeline + fix inspect button

* fix last suites test

* Update unit tests, snapshots and lint

* Fix bad merge

* fix plugin export

* Fix some failing tests

* fix unit tests in timelines plugins

* fix latest test

* fix i18n

* free obs from t-grid

* Fix timeline functional plugin types

* fix store provider

* Update failing defaultHeader test

* Fix i18n usage in security solution

* Fix remaining i18n errors in timelines plugin

* Dedupe common shared types

* move drag and drop utils in package to avoid duplication

* More shared type cleanup

* add feature flag

* review I

* fix merge with master

* fix i18n translation

* More type deduping

* Use @kbn/common-utils, fix remaining types

* fix types

* fix tests

* missing type

* fix cypress tests

Co-authored-by: Kevin Qualters <kevin.qualters@elastic.co>
Co-authored-by: Tiago Costa <tiagoffcc@hotmail.com>
Co-authored-by: Andrew Goldstein <andrew.goldstein@elastic.co>
2021-06-22 18:56:33 -04:00
Kevin Qualters 03b104cc61
[Security Solution][RAC][Timeline] Timeline plugin skeleton and test plugin harness (#95683)
* [RAC][Security Solution] Initial timeline and test plugin harness

* Change plugin name from timeline to timelines
2021-03-31 15:33:19 -04:00
Alejandro Fernández Haro 6bd0a7fcc5
[Plugins Discovery] Enforce camelCase plugin IDs (#90752)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-02-11 14:36:17 +00:00
Brandon Kobel 4584a8b570
Elastic License 2.0 (#90099)
* Updating everything except the license headers themselves

* Applying ESLint rules

* Manually replacing the stragglers
2021-02-03 18:12:39 -08:00
Kevin Qualters 47444e77c2
[Security Solution] Pass filters from SIEM to resolver, update resolver when refresh is clicked (#85812)
* Pass filters from SIEM to resolver

* Fix test type errors

* Revert loading state change, update snapshots

* Make correct check in nodeData selector

* Fix inverted logic in nodeData selector

* Revert nodeData invalidation logic

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2020-12-15 13:33:51 -05:00
Pierre Gayvallet 7d5fb8e83a
[GS] add search syntax support (#83422)
* add search syntax parsing logic

* fix ts types

* use type filter in providers

* move search syntax logic to the searchbar

* fix test plugin types

* fix test plugin types again

* use `onSearch` prop to disable internal component search

* add tag filter support

* add FTR tests

* move away from CI group 7

* fix unit tests

* add unit tests

* remove the API test suite

* Add icons to the SO results

* add test for unknown type / tag

* nits

* ignore case for the `type` filter

* Add syntax help text

* remove unused import

* hide icon for non-application results

* add tsdoc on query utils

* coerce known filter values to string

Co-authored-by: Ryan Keairns <contactryank@gmail.com>
2020-11-24 10:44:57 +01:00
Thom Heymann bc8a1dac99
ECS audit logging (#74640)
* ECS audit logging

* Apply suggestions from code review

Co-authored-by: Larry Gregory <larry.gregory@elastic.co>

* Update x-pack/plugins/security/server/authentication/audit_events.ts

Co-authored-by: Larry Gregory <larry.gregory@elastic.co>

* Update docs/settings/security-settings.asciidoc

Co-authored-by: Larry Gregory <larry.gregory@elastic.co>

* remove audit trail service from core

* fix test

* Updated docs and added beta warning

* Added dev docs

* Tweaks

* Plugin list changes

* Apply suggestions from technical writers

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Added docs suggestion

* Added api integration tests

* Added suggestions from platform team

* Update x-pack/plugins/security/server/audit/audit_service.test.ts

Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>

* Update x-pack/plugins/security/server/audit/audit_service.test.ts

Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>

* Update x-pack/plugins/security/server/audit/audit_service.test.ts

Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>

* Update docs/user/security/audit-logging.asciidoc

Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>

* Update docs/settings/security-settings.asciidoc

Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>

* Update x-pack/plugins/security/server/config.ts

Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>

* Added suggestions from PR

* Grouped events table

* Update x-pack/plugins/security/server/audit/audit_events.ts

Co-authored-by: Larry Gregory <larry.gregory@elastic.co>

* Update x-pack/plugins/security/server/audit/audit_events.ts

Co-authored-by: Larry Gregory <larry.gregory@elastic.co>

* Fixed ECS version number in docs

Co-authored-by: Larry Gregory <larry.gregory@elastic.co>

* Added suggestions from code review

* Removed beta

* Added suggestions from code review

Co-authored-by: Larry Gregory <larry.gregory@elastic.co>
Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>
Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>
2020-10-16 20:40:38 +01:00
Robert Austin 35a6a230cd
[Resolver] Refactoring panel view (#77928)
* Moved `descriptiveName` from the 'common' event model into the panel view. It is now a component. Each type of event has its own translation string. Translation placeholders have more specific names.
* Reorganized 'breadcrumb' components.
* Use safer types in many places
* Add `useLinkProps` hook. It takes `PanelViewAndParameters` and returns `onClick` and `href`. Remove a bunch of copy-pasted code that did the same.
* Add new common event methods to safely expose fields that were being read directly (`processPID`, `userName`, `userDomain`, `parentPID`, `md5HashForProcess`, `argsForProcess`)
* Removed 'primaryEventCategory' from the event model.
* Removed the 'aggregate' total count concept from the panel
* The mock data access layer called no_ancestors_two_children now has related events. This will allow the click through to test all panels and it will allow the resolver test plugin to view all panels.
* The `mockEndpointEvent` factory can now return events of any type instead of just process events.
* Several mocks that were using unsafe casting now return the correct types. The unsafe casting was fine for testing but it made refactoring difficult because typescript couldn't find issues.
* The mock helper function `withRelatedEventsOnOrigin` now takes the related events to add to the origin instead of an array describing events to be created.
* The data state's `tree` field was optional but the initial state incorrectly set it to an invalid object. Now code checks for the presence of a tree object.
* Added a selector called `eventByID` which is used to get the event shown in the event detail panel. This will be replaced with an API call in the near future.
* Added a selector called `relatedEventCountByType` which finds the count of related events for a type from the `byCategory` structure returned from the API. We should consider changing this as it requires metaprogramming as it is.
* Created a new middleware 'fetcher' to fetch related events. This is a stop-gap implementation that we expect to replace before release.
* Removed the action called `appDetectedNewIdFromQueryParams`. Use `appReceivedNewExternal...` instead.
* Added the first simulator test for a graph node. It checks that the origin node has 'Analyzed Event' in the label. 
* Added a new panel test that navigates to the nodeEvents panel view and verifies the items in the list.
* Added a new panel component called 'Breadcrumbs'.
* Fixed an issue where the CubeForProcess component was using `0 0 100% 100%` in the `viewBox` attribute.
* The logic that calculates the 'entries' to show when viewing the details of an event was moved into a separate function and unit tested. It is called `deepObjectEntries`.
* The code that shows the name of an event is now a component called `DescriptiveName`. It has an enzyme test. Each event type has its own `i18n` string which includes more descriptive placeholders. I'm not sure, but I think this will make it possible for translators to provide better contextual formatting around the values.
* Refactored most panel views. They have loading components and breadcrumb components. Links are moved to their own components, allowing them to call `useLinkProps`.
* Introduced a hook called `useLinkProps` which combines the `relativeHref` selector with the `useNavigateOrReplace` hook.
* Removed the hook called `useRelatedEventDetailNavigation`. Use `useLinkProps` instead.
* Move various styled-components into `styles` modules.
* The graph node label wasn't translating 'Analyzed Event'. It now does so using a `select` expression in the ICU message.
* Renamed a method on the common event model from `getAncestryAsArray` to `ancestry` for consistency. It no longer takes `undefined` for the event it operates on.
* Some translations were removed due to code de-duping.
2020-09-23 09:57:41 -04:00
Jonathan Buttner ae093e5a7a
[Security Solution] Resolver retrieve entity id of documents without field mapped (#76562)
* More comments

* Adding tests for mapping without entity_id

* Removing unnecessary comments

* Fixing type errors

* Removing unnecessary import

* Fixups and style

* change 'data' state shape, nesting the tree fetcher data
* rename 'TreeFetcherParameters' from 'DatabaseParameters' to make it
more specific to the API it works on
* fix bug in 'equal' method of 'TreeFetcherParameters'
* use mockTreeFetcherParameters method in tests that need to specify a
TreeFetcherParameters but when the value isn't relevant to the test
* Hide Resolver if there is no databaseDocumentID
* add doc comments

* Fixing test name and adding comments

* Pulling in Robert's test name changes

* [Resolver] Only render resolver once we have a signals index

Co-authored-by: oatkiller <robert.austin@elastic.co>
2020-09-04 09:24:24 -04:00
Robert Austin e9446b2060
[Resolver] restore function to the resolverTest plugin. (#75799)
Restore the resolverTest plugin. This will allow us to run the test plugin and try out Resolver using our mock data access layers. Eventually this could be expanded to support multiple different data access layers. It could even be expanded to allow us to control the data access layer via the browser. Another option: we could export the APIs from the server and use those in this test plugin.

We eventually expect other plugins to use Resolver. This test plugin could allow us to test Resolver via the FTR (separately from the Security Solution.)

This would also be useful for writing tests that use the FTR but which are essentially unit tests. For example: taking screenshots, using the mouse to zoom/pan.

Start using: `yarn start --plugin-path x-pack/test/plugin_functional/plugins/resolver_test/`
2020-08-25 13:34:29 -04:00
Mikhail Shustov aeff8c154b
[Audit Logging] Add AuditTrail service (#69278)
* add generic audit_trail service in core

* expose auditTrail service to plugins

* add auditTrail x-pack plugin

* fix type errors

* update mocks

* expose asScoped interface via start. auditor via request context

* use type from audit trail service

* wrap getActiveSpace in safeCall only. it throws exception for non-authz

* pass message to log explicitly

* update docs

* create one auditor per request

* wire es client up to auditor

* update docs

* withScope accepts only one scope

* use scoped client in context for callAsInternalUser

* use auditor in scoped cluster client

* adopt auditTrail plugin to new interface. configure log from config

* do not log audit events in console by default

* add audit trail functional tests

* cleanup

* add example

* add mocks for spaces plugin

* add unit tests

* update docs

* test description

* Apply suggestions from code review

apply @jportner suggestions

Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>

* add unit tests

* more robust tests

* make spaces optional

* address comments

* update docs

* fix WebStorm refactoring

Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>
2020-07-07 21:16:39 +02:00
Pierre Gayvallet 04aaba80f7
[GS] add savedObjects result provider (#68619)
* create server-side skeleton

* add base implementation & tests

* add unit test for provider

* remove useless contracts

* add preference search option

* implement score from find results

* fix types

* add FTR test

* fix test plugin types

* address some review comments

* add multi results test

* use `getVisibleTypes`
2020-07-06 13:04:43 +02:00
Pierre Gayvallet c5546f4a39
Add globalSearch x-pack plugin (#66293)
* add skeleton for global_search plugin

* base implementation of the server-side service

* add utils tests

* add server-side mocks

* move take_in_array to common folder

* implements base of client-side plugin

* add tests for server-side service

* fix server plugin tests

* implement `navigateToUrl` core API

* extract processResults for the client-side

* fetch server results from the client side

* factorize process_results

* fix plugin start params

* move things around

* move all server types to single file

* fix types imports

* add basic FTR tests

* add client-side service tests

* add tests for addNavigate

* add getDefaultPreference & tests

* use optional for RequestHandlerContext

* add registerRoutes test

* add base test for context

* resolve TODO

* common nits/doc

* common nits/doc on public

* update CODEOWNERS

* add import for declare statement

* add license check on the server-side

* add license check on the client-side

* eslint

* address some review comments

* use properly typed errors for obs

* add integration tests for the find endpoint

* fix unit tests

* use licensing start contract

* translate the error message

* fix eslint rule for test_utils

* fix test_utils imports

* remove NavigableGlobalSearchResult, use `application.navigateToUrl` instead.

* use coreProvider plugin in FTR tests

* nits

* fix service start params

* fix service start params, bis

* I really need to fix this typecheck oom error

* add README, update missing jsdoc

* nits on doc
2020-06-04 16:18:02 +02:00
restrry bf04235dae apply prettier styles 2020-05-22 09:08:58 +02:00
Pierre Gayvallet 468de51153
Add plugin start contract to getStartServices return value (#61216)
* add plugin own contract as third element of getStartServices result

* adapt plugins code

* update tests

* revert unknown to use void again

* update generated doc

* fix UT

* update mock to allow non-object `pluginStartContract`

* add @typeParam documentation
2020-03-26 10:49:05 +01:00
Stacey Gammon dccfa593dc
Embeddable API cleanup (#60207)
* wip

* Remove test in legacy functional plugin
2020-03-16 15:37:42 -04:00
Robert Austin 63ad7a9cb2
Resolver test plugin not using mount context. (#54933)
Mount context was deprecated. Use core.getStartServices() instead.
2020-01-15 13:10:03 -05:00
Robert Austin 387da985ee
Resolver component w/ sample data (#53619)
Resolver is a map. It shows processes that ran on a computer. The processes are drawn as nodes and lines connect processes with their parents.

Resolver is not yet implemented in Kibana. This PR adds a 'map' type UX. The user can click and drag to pan the map and zoom using trackpad pinching (or ctrl and mousewheel.)

There is no code providing actual data. Sample data is included. The sample data is used to draw a map. The fundamental info needed is:

* process names
* the parent of a process

With this info we can topologically lay out the processes. The sample data isn't yet in a realistic format. We'll be fixing that soon.

Related issue: elastic/endpoint-app-team#30
2020-01-14 14:56:16 -05:00
Robert Austin 8fb8ef94b1
Add Endpoint plugin and Resolver embeddable (#51994)
* Add functional tests for plugins to x-pack (so we can do a functional test of the Resolver embeddable)
* Add Endpoint plugin
* Add Resolver embeddable
* Test that Resolver embeddable can be rendered
2019-12-06 14:55:16 -05:00