* Initial commit
* Add tests and support for concurrency
* Ability to disable functionality, use bulk APIs
* Fix type check
* Fix jest tests
* Cleanup
* Cleanup pt2
* Add unit tests
* Fix type check
* Fixes
* Update test failures
* Split schedule between cleanup and idle
* Add functional tests
* Add one more test
* Cleanup repeated code
* Remove duplicate actions plugin requirement
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
This PR adds our runtime mappings, as defined on the Kibana Index Pattern, to job configurations (both log rate and log categories). It also flags outdated runtime mappings in the "outdated configuration" callout.
Co-authored-by: Felix Stürmer <stuermer@weltenwort.de>
* [ML] Moving file data vizualizer to file upload plugin
* removing maps plug dependency
* fixing imports
* small refactor
* adding missing endpoints
* fixing translations
* fxing table controls
* fixing types and disabling geo point test
* actually disabling geo point test
* making endpoints internal
* moving UI code to separate plugin
* enabling maps integration
* cleaning up dependencies
* fixing translation ids
* moving analyze file endpoint out of file upload plugin
* fixing transtations issues
* refactor for lazy loading of component
* updating limits
* updating plugin asciidoc
* code clean up
* further clean up
* adding comment
* fixing really obvious CI error
* removing commented out include
* reenabling geo point test
* fixing incorrectly changed import
* removing ml from labels and identifiers
* renaming function
* moving analyse file endpoint to file upload plugin
* reverting import path changes
* adding esUiShared back in
* fixing navigation tabs alignment in basic license
* adding key to tab wrapper
* reverting test label
* further removal of ml references
* removing ml label from more identifiers
* fixing tests
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* In add agent flyout, when selected policy contains fleet server, show same token and command steps from fleet server onboarding UI
* Fix types
* Move policy change handler to useCallback
* [Maps] show layer name in tooltip
* update snapshot
* add jest test for Header
* add comment for clarity
* add header element and classes to truncate text
* add layer icon in tooltip header
* handle case where layer does not exist
* tslint and update jest test and snapshot
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* chore(NA): upgrade into last ibazel version
* chore(NA): upgrade into latest ibazel version
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* merge multiple timestamp queries into one single search
* fix types and unit tests
* remove unused code for sending secondary search
* removes unused excludeDocsWithTimestampOverride
* adds integration tests to cover cases that should / should not generate signals when timestamp override is present in rule
* adds integration test to ensure unmapped sort fields do not break search after functionality of detection rules
* Need to figure out why moving the tests around fixed them...
* updates tests with new es archive data and fixes bug where exclusion filter was hardcoded to event.ingested :yikes:
* remove dead commented out code
* fixes typo in test file, removes redundant delete signals call in integration test, fixes logic for possibility of receving a null value in sort ids, removes unused utility function for checking valid sort ids
* a unit test for checking if an empty string of a sort id is present was failing because we moved the logic for checking that out of the build search query function and up into the big loop. So I moved that unit test into the search after bulk create test file.
* fix types
* removes isEmpty since it doesn't check for empty strings
* Remove "Global Output" heading from the flyout
* Tweak flyout description
* Tweak fleet server hosts input description
* Tweak ES hosts input description
* Tweak modal button
* Tweak confirmation modal callout title
* Tweak callout when fleet server hosts are modified
* Tweak callout when ES hosts are modified
* Fix i18n
* Remove period from title
* Add telemetry for new protection types and arrays of objects
* Add malware_signature to process.Ext + dll.Ext
* Fix comments for base fields
* Move naming convention disable to a line
* Fix unit test for rule.version
* Don't block standalone agent instructions when not using Fleet server yet
* Add service token instructions - UI only
* Add route for regenerating fleet server service token
* generate tokens instead of regenerate and add error catching and tests
* fix i18n typo
* i18n fix, add sudo, copy edits
* Fix commands
* Add missing test file
Co-authored-by: Nicolas Chaulet <nicolas.chaulet@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* condense waterfall chart visuals
* adjust font size of waterfall chart items to medium
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* adds snapshot test for getSignalsTemplate
* [CTI] Extracts non-ecs, non-signal mappings to separate file
* adds updated ECS mappings
* Normalize/clean up various mappings files
* Adds a wrapping "mappings.properties" around our extra mappings
* Spreads our other mappings similarly to ECS mappings
* Moves dynamic: false out of ECS mappings and into our main template
* Ensures we include 'threat.properties.indicator', since that's where
our 'type: nested' declaration resides
* Update ECS mappings snapshot post-1.9 updates
This updated snapshot reflects the mappings changes that one will receive when
migrating/rolling over to a 7.13 alerts index.
* Update signals template version as per guidelines.
The last released mappings update was #92928, which bumped from 24 ->
25. The few unreleased updates since then have increased this by 1, but
since these changes are going out with 7.13 we are bumping by 10 _since
the last release_, in order to give "room" for minor releases.
* Fix cypress test failure due to updated mappings
This magic number represents "the number of mapped fields that begin
with 'host.geo.c' and, because this PR adds a mapping for
host.geo.continent_code, the test needed to be updated.
Co-authored-by: Ece Ozalp <ozale272@newschool.edu>
