* chore(NA): upgrade into last ibazel version
* chore(NA): upgrade into latest ibazel version
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* merge multiple timestamp queries into one single search
* fix types and unit tests
* remove unused code for sending secondary search
* removes unused excludeDocsWithTimestampOverride
* adds integration tests to cover cases that should / should not generate signals when timestamp override is present in rule
* adds integration test to ensure unmapped sort fields do not break search after functionality of detection rules
* Need to figure out why moving the tests around fixed them...
* updates tests with new es archive data and fixes bug where exclusion filter was hardcoded to event.ingested :yikes:
* remove dead commented out code
* fixes typo in test file, removes redundant delete signals call in integration test, fixes logic for possibility of receving a null value in sort ids, removes unused utility function for checking valid sort ids
* a unit test for checking if an empty string of a sort id is present was failing because we moved the logic for checking that out of the build search query function and up into the big loop. So I moved that unit test into the search after bulk create test file.
* fix types
* removes isEmpty since it doesn't check for empty strings
* Remove "Global Output" heading from the flyout
* Tweak flyout description
* Tweak fleet server hosts input description
* Tweak ES hosts input description
* Tweak modal button
* Tweak confirmation modal callout title
* Tweak callout when fleet server hosts are modified
* Tweak callout when ES hosts are modified
* Fix i18n
* Remove period from title
* Add telemetry for new protection types and arrays of objects
* Add malware_signature to process.Ext + dll.Ext
* Fix comments for base fields
* Move naming convention disable to a line
* Fix unit test for rule.version
* Don't block standalone agent instructions when not using Fleet server yet
* Add service token instructions - UI only
* Add route for regenerating fleet server service token
* generate tokens instead of regenerate and add error catching and tests
* fix i18n typo
* i18n fix, add sudo, copy edits
* Fix commands
* Add missing test file
Co-authored-by: Nicolas Chaulet <nicolas.chaulet@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* condense waterfall chart visuals
* adjust font size of waterfall chart items to medium
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* adds snapshot test for getSignalsTemplate
* [CTI] Extracts non-ecs, non-signal mappings to separate file
* adds updated ECS mappings
* Normalize/clean up various mappings files
* Adds a wrapping "mappings.properties" around our extra mappings
* Spreads our other mappings similarly to ECS mappings
* Moves dynamic: false out of ECS mappings and into our main template
* Ensures we include 'threat.properties.indicator', since that's where
our 'type: nested' declaration resides
* Update ECS mappings snapshot post-1.9 updates
This updated snapshot reflects the mappings changes that one will receive when
migrating/rolling over to a 7.13 alerts index.
* Update signals template version as per guidelines.
The last released mappings update was #92928, which bumped from 24 ->
25. The few unreleased updates since then have increased this by 1, but
since these changes are going out with 7.13 we are bumping by 10 _since
the last release_, in order to give "room" for minor releases.
* Fix cypress test failure due to updated mappings
This magic number represents "the number of mapped fields that begin
with 'host.geo.c' and, because this PR adds a mapping for
host.geo.continent_code, the test needed to be updated.
Co-authored-by: Ece Ozalp <ozale272@newschool.edu>
* improve validation messages and add checks
* disable form switch if job created
* updated included fields message
* update top classes message
* update top classes success message
* [KQL] Skip slow wildcard checks when query is only *
* Fix case without index pattern
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [Discover] Add runtime fields editor to mobile view
* Add a unit test
* Fix typescript issues
* Fixing layout on mobile
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [Search Source] Fix field filtering
* Add more use-cases for source filtering
* Add more use-cases
* Change filtering to use fieldWildcardFilter
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Now the new EuiDataGrid based document table is the default
* Columns can be sorted by drag and drop
* Column width can be changed by drag and drop
* There's a fullscreen mode
* There's document selection
* There's document navigation in the flyover of a expanded document
* Sorting is much more user friendly, less confusing and sort order can be changed by drag and drop
* Fix flaky SO import tests
* [will be reverted] remove all tests from CI group 8
* Revert "[will be reverted] remove all tests from CI group 8"
This reverts commit ede007ec
* Revert "[will be reverted] remove all tests from CI group 8"
This reverts commit ede007ec
