Commit graph

31673 commits

Author SHA1 Message Date
Angela Chuang ab44099739
[SIEM] Export timeline (#58368)
* update layout

* add utility bars

* add icon

* adding a route for exporting timeline

* organizing data

* fix types

* fix incorrect props for timeline table

* add export timeline to tables action

* fix types

* add client side unit test

* add server-side unit test

* fix title for delete timelines

* fix unit tests

* update snapshot

* fix dependency

* add table ref

* remove custom link

* remove custom links

* Update x-pack/legacy/plugins/siem/common/constants.ts

Co-Authored-By: Xavier Mouligneau <189600+XavierM@users.noreply.github.com>

* remove type ExportTimelineIds

* reduce props

* Get notes and pinned events by timeline id

* combine notes and pinned events data

* fix unit test

* fix type error

* fix type error

* fix unit tests

* fix for review

* clean up generic downloader

* review with angela

* review utils

* fix for code review

* fix for review

* fix tests

* review

* fix title of delete modal

* remove an extra bracket

Co-authored-by: Xavier Mouligneau <189600+XavierM@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-20 10:09:12 +00:00
patrykkopycinski 8f1e22f078
[SIEM] Add support for actions and throttle in Rules (#59641) 2020-03-20 10:54:51 +01:00
Jean-Louis Leysens b841526979
Fix ace a11y listener (#60639)
Also move the hook use_ui_ace_keyboard_mode.tsx into es_ui_shared

This was defined (and used) in both Console and SearchProfiler.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-20 10:14:44 +01:00
Liza Katz ef0935ff45
Add addInfo toast to core notifications service (#60574)
* addInfo toast

* md files

* fix types

* Added options to toast methods

* Export ToastOptions

* Export ToastOptions

* added test

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-20 08:38:02 +02:00
Pierre Gayvallet c638cc2a11
fix test description (#60638) 2020-03-20 07:17:00 +01:00
MadameSheema 19f719ccb5
[SIEM] Cypress screenshots upload to google cloud (#60556)
* testing screenshots upload to google cloud

* testing another pattern

* fixes artifact pattern

* uploads only the .png files

* only limit uploads from kibana-siem directory

Co-authored-by: spalger <spalger@users.noreply.github.com>
2020-03-19 19:44:54 -07:00
Spencer c3957d8554
[canvas/shareable_runtime] sync sass loaders with kbn/optimizer (#60653)
* [canvas/shareable_runtime] sync sass loaders with kbn/optimizer

* limit sass options to those relevant in this context

Co-authored-by: spalger <spalger@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-19 17:41:28 -07:00
Ryland Herrick 182acdb666
[SIEM] Fixes Modification of ML Rules (#60662)
* Fix updating of ML rules

* Add a regression test for updating ML Rules

* Allow ML Rules to be patched

And adds a regression unit test.

* Allow ML rule params to be imported when overwriting

* Add a basic regression test for creating a rule with ML params

* Prevent users from changing an existing Rule's type
2020-03-19 19:33:36 -05:00
Steph Milovic 0163a71d24
[SIEM] [Case] Bulk status update, add comment avatar, id => title in breadcrumbs (#60410) 2020-03-19 17:08:53 -06:00
Patrick Mueller d5989e8baa
[Alerting] add functional tests for index threshold alertType (#60597)
resolves https://github.com/elastic/kibana/issues/58902
2020-03-19 18:29:26 -04:00
nnamdifrankie d1aaa4430a
[Ingest]EMT-248: add post action request handler and resources (#60581)
[Ingest]EMT-248: add resource to allow to post new agent action.
2020-03-19 18:15:56 -04:00
Christos Nasikas 3acbbcd2b0
Return incident's url (#60617) 2020-03-19 23:23:37 +02:00
Eric Davis 347160b71a
[Endpoint] TEST: GET alert details - boundary test for first alert retrieval (#60320)
* boundary test for first alert retrieval

* boundary test for first alert retrieval cleaned up

* redo merge conflict resolving for api test

* redo merge conflict resolving for api test try 2

* updating to current dataset expectations

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-19 17:10:56 -04:00
Walter Rafelsberger b2b5fcedcc
[ML] Transforms: Fix pivot preview table mapping. (#60609)
- Fixes regression caused by elastic/elasticsearch#53572.
- Adjusts the TS mappings and code to reflect the newly returned API response.
- Re-enables functional tests.
2020-03-19 22:02:16 +01:00
marshallmain 404e941e63
[Endpoint] Log random seed for sample data CLI to console (#60646)
* log random seed to console

* fix off by 1 error with children
2020-03-19 17:01:39 -04:00
kqualters-elastic cd2d54d59a
Use common event model for determining if event is v0 or v1 (#60667) 2020-03-19 16:14:45 -04:00
Tyler Smalley f47022a41d
Disables PR Project Assigner workflow
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
2020-03-19 13:05:01 -07:00
Tim Sullivan ce2e3fd621
[Reporting] Allow reports to be deleted in Management > Kibana > Reporting (#60077)
* [Reporting] Feature Delete Button in Job Listing

* refactor listing buttons

* multi-delete

* confirm modal

* remove unused

* fix test

* mock the id generator for snapshotting

* simplify

* add search bar above table

* fix types errors
2020-03-19 12:36:19 -07:00
Dario Gieselaar 915b784cd6
Use static initializer in ValidatedDualRange for storybook com… (#60601)
Closes #60356.
2020-03-19 20:29:13 +01:00
Zacqary Adam Xeper 431b06fee0
[Metrics Alerts] Add functional and unit tests (#60442)
* Add tests for metric threshold alerts

* Fix count aggregator

* Remove redundant typedefs

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-19 14:12:01 -05:00
Alex Holmansky 020e4d0f03
Switch back to a dedicated workflow token (#60673) 2020-03-19 15:07:29 -04:00
Paul Tavares 58b7e20795
Refactor to use new top-level PackageIcon component (#60628)
- removes PackageIcon from EPM section
- refactors code to use new top-level `PackageIcon` component
2020-03-19 14:38:12 -04:00
Melissa Alvarez f5355a9ee8
[ML] Data Visualizer: Replace KqlFilterBar with QueryStringInput (#60544)
* data visualizer:replace kqlFilterBar

* remove unused translation

* show syntax error toast
2020-03-19 14:35:04 -04:00
Mike Côté bafd45fff2
Fix race condition in flaky alerting test (#60438)
* Fix race condition in flaky test

* Fix flakiness in test

* Fix more flakiness
2020-03-19 13:20:48 -04:00
Catherine Liu 3bd3364a55
[Canvas] Add Lens embeddables (#57499)
* Added lens embeddables to embed flyout

Fixed import

embedded panel styles (#58654)

Merging to WIP draft branch

* Added i18n strings for savedLens

* Added tests for lens embeddables

* Updated tests

* Updated tests

* Added style overrides for lens table

* Disables triggers on lens embeddable

* Updated test

* Sets embeddable view mode according to app state

* Fix embeddable component

* Removed embeddable view mode logic

* Removed unused import
2020-03-19 09:58:22 -07:00
Justin Kambic fcf439625b
[Uptime] Add Alerting UI (#57919)
* WIP trying things.

Add new alert type for Uptime.

Add defensive checks to alert executor.

Move status check code to dedicated adapter function.

Clean up code.

* Port adapter function to dedicated file.

* WIP.

* Working on parameter selection.

* Selector expressions working.

* Working on actions.

* Change anchor prop for popovers.

* Reference migrated alerting plugin.

* Clean up code for draft.

* Add button to expose flyout. Clean up some client code.

* Add test for requests function, add support for filters.

* Reorganize and clean up files.

* Add location and filter support to monitor status request function.

* Add tests for monitor status request function.

* Specify default action group id in alert registration.

* Extract repeated string value to a constant.

* Move test file to server in NP plugin.

* Update imports after NP migration.

* Fix UI bug that caused incorrect location selections in alert creation.

* Change alert expression language to clarify meaning.

* Add ability for user to select timerange units.

* Add code that fixes active item highlighting.

* Add better default value for active index selection.

* Introduce dedicated field number component.

* Add message to status check alert.

* Add tests for context message.

* Formalize alert action group definitions.

* Extract monitor id squashing from context message generator.

* Write test for monitor ID uniqueness function.

* Add alert state creator function and tests.

* Update action group id value.

* Add tests for alert factory and executor function.

* Rename alert context props to be more domain-specific.

* Clean up unnecessary type markup.

* Clean up alert ui controls file.

* Better organize new registration code.

* Simplify some logic code.

* Clean up bootstrap code.

* Add unit tests for alert type.

* Delete temporary test code from triggers_actions_ui.

* Rename a test file.

* Add some comments to annotate a file.

* Add io-ts type checking to alert create validation and alert executor.

* Add translation of plaintext content string.

* Further simplify monitor status alert validation.

* Add io-ts type checking to alert params.

* Update a comment.

* Prefer inline snapshots to more error-prone assertions.

* Clean up and comment request function.

* Rename a symbol.

* Fix broken types in reducer file and add a test.

* Fix a validation logic error and add tests.

* Delete unused import.

* Delete obsolete dependency.

* Fix function call to have correct parameters.

* Fixing some import weirdness.

* Reintroduce accidentally-deleted code.

* Delete unneeded require from legacy entry file.

* Remove unneeded connected component.

* Update flyout controls for new interface and delete connected components.

* Remove unneeded require from app index file.

* Introduce data-test-subj attributes to various components to assist with functional tests.

* Introduce functional test helpers for alert flyout.

* Add functional test arch and a test for alerting UI to ES SSL test suite.

* Add explicit exports to module index.

* Reorganize file to keep interfaces closer to their implementations.

* Move create alert button to better position.

* Clean up a file.

* Update a functional test attribute, clean up a file, rename a selector, add tests.

* Add a comment.

* Make better default alert message, translate messages, add/update tests.

* Fix broken type.

* Update obsolete snapshot.

* Introduce mock provider to tests and update snapshots.

* Reduce a strange type to `any`.

* Add alert flyout button connected component.

* Add alert flyout wrapper connected component.

* Create connected component for alert monitor status alert.

* Clean up index files.

* Update i18nrc file to cover translation in server plugin code.

* Fix broken imports.

* Update test snapshots.

* Prefer more descriptive type.

* Prefer more descriptive type.

* Prefer built-in React propType to custom.

* Prefer simpler validation.

* Add whitespace to clean up file.

* Extract function and write tests.

* Simplify validation function.

* Add navigate to alerting button.

* Move context item inside the items list.

* Clean up alert creation component.

* Update type check parsing and error messaging, and update snapshot/test assertions.

* Update broken snapshot.

* Update README for running functional tests.

* Update functional test service to reflect improved UX.

* Fix broken type that resulted from a mistake during a merge resolution.

* Add spacer between alert title and kuery bar.

* Update the id and name of our alert type because it was never changed from placeholder value.

* Rename alert keys.

* Fix broken unit tests.

* Add aria-labels to alert UI.

* Implement design feedback.

* Fix broken test snapshots.

* Add missing props to unit tests to satisfy updated types.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-19 12:50:05 -04:00
James Gowdy a0730f7951
[ML] Fixing file data visualizer override arguments (#60627) 2020-03-19 16:42:53 +00:00
Jean-Louis Leysens 304b322a47
[Console] Refactor and cleanup of public and server (#60513)
* Clean up use of ace in autocomplete in public

Remove ace from lib/autocomplete.ts and set up hooking up of ace
in legacy_core_editor. Also remove use of ace mocks in tests.

* Added TODO in lib/kb (console public)

* Server-side cleanup

Refactored the loading of spec into a new SpecDefinitionsService.
In this way, state can be contained inside of the service as much
as possible. Also converted all JS spec to TS and updated the
Console plugin contract so that processors (which alter loaded
spec) happen at plugin "start" phase.

* Fix types

* Small refactor

- Updated naming of argument variable in registerAutocompleter
- Refactored the SpecDefinitionsService to handle binding of
its own functions
2020-03-19 17:32:39 +01:00
Steph Milovic d5ed93ee63
[SIEM] [Cases] Case closed and add user email (#60463) 2020-03-19 10:27:41 -06:00
Alejandro Fernández fe4c164681
[Logs UI] Use the Super date picker in the log stream (#54280) 2020-03-19 17:19:21 +01:00
Dima Arnautov 7aa4651292
[ML] Use a new ML endpoint to estimate a model memory (#60376)
* [ML] refactor calculate_model_memory_limit route, use estimateModelMemory endpoint

* [ML] refactor validate_model_memory_limit, migrate tests to jest

* [ML] fix typing issue

* [ML] start estimateModelMemory url with /

* [ML] fix typo, filter mlcategory

* [ML] extract getCardinalities function

* [ML] fields_service.ts

* [ML] wip getMaxBucketCardinality

* [ML] refactor and comments

* [ML] fix aggs keys with special characters, fix integration tests

* [ML] use pre-defined job types

* [ML] fallback to 0 in case max bucket cardinality receives null

* [ML] calculateModelMemoryLimit on influencers change

* [ML] fix maxModelMemoryLimit

* [ML] cap aggregation to max 1000 buckets

* [ML] rename intervalDuration
2020-03-19 16:45:40 +01:00
Felix Stürmer ae0e35041e
[Logs UI] Correctly update the expanded log rate table rows (#60306)
This ensures that the content of the expanded rows in the log rate table reflect the most recent results.

Fixes #60300
2020-03-19 16:42:58 +01:00
MadameSheema b0a6b302ad
fixes drag and drop flakiness (#60625) 2020-03-19 16:32:19 +01:00
Maja Grubic 73a8548d3b
Removing isEmptyState from embeddable input (#60511) 2020-03-19 14:51:17 +00:00
Jean-Louis Leysens 254cf99339
[Cross Cluster Replication] NP Shim (#60121)
* Public in WiP state, removed all 'ui/' imports

* First iteration of public shimmed and working

* A whole lotta WIP server side

* Server-side to using the NP router + client side changes

Updated the client code to properly encode requests to the
server. Did first E2E test.

Route tests are probably broken, need to fix them.

* Removed unused error wrapping code

* Update client Jest tests

* Add breadcrumbs service mock

* Fix server side Jest tests

* Add helper functions file for server side Jest tests

* Fix API integration tests

* Fixed boolean logic mistake due to refactor in index mgmt ext.

Also migrated to a more NP friendly version of index mgmt
extension.

* Remove unused import

* Clean up some cruft and refactor URL variable names

* Fix stringification of body and fix boolean server logic

* Fix mocha

Folder called __tests__ with Jest tests was breaking mocha.

* Refactor to Jest test

* Fix types issues in jest test

* Migrate to new config-schema API

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-19 15:42:25 +01:00
Mike Côté 05a0625048
Clear changes when canceling an edit to an alert (#60518)
* Clear alerting edit flyout after canceling an edit

* Add functional test

* Fix merge conflicts
2020-03-19 10:40:22 -04:00
Alex Holmansky 80a84070e4
Update workflow syntax (#60626)
* Updated workflow syntax
2020-03-19 10:17:47 -04:00
Alex Holmansky eaf3deabea
Updating project assigner workflows to v2.0.0 of the action and back to default tokens (#60577)
* Updating workflows to v2.0.0 of the action and back to the default token
2020-03-19 09:30:40 -04:00
Pierre Gayvallet 395d621249
migrate saved objects management edition view to react/typescript/eui (#59490)
* migrate so management edition view to react

* fix bundle name + add forgotten data-test-subj

* add FTR tests for edition page

* EUIfy react components

* wrap form with EuiPanel + caps btns labels

* Wrapping whole view in page content panel and removing legacy classes

* improve delete confirmation modal

* update translations

* improve delete popin

* add unit test on view components

* remove kui classes & address comments

* extract createFieldList and add tests

* disable form submit during submission

Co-authored-by: cchaos <caroline.horn@elastic.co>
2020-03-19 14:09:44 +01:00
Christos Nasikas 6ed2918b6c
[SIEM][CASE] Configuration page action bar (#60608)
* Add bottom bar

* Add listeners
2020-03-19 15:06:33 +02:00
Alison Goryachev ee6bb64f13
[Remote clusters] Update copy (#60382) 2020-03-19 08:23:20 -04:00
Mike Côté 4efeeac560
Sort by name when fetching alerts and connectors (#60506)
* Sort by name when fetching alerts and connectors

* Fix jest tests

* Add functional test

* Fix failing jest test
2020-03-19 08:06:51 -04:00
Mike Côté 27045e0942
Make slack param validation handle empty messages (#60468) 2020-03-19 08:02:07 -04:00
Gidi Meir Morris 8fd317c55a
[Alerting] Adds navigation by consumer and alert type to alerting (#58997)
Adds Navigation APIs to Alerting.

Parts to this PR:

Adds a client side (Public) plugin to Alerting, including two APIs: registerNavigation & registerDefaultNavigation. These allow a plugin to register navigation handlers for any alerts which it is the consumer of: one for specific AlertTypes and one for a default handler for all AlertTypes created by the plugin.
The Alert Details page now uses these navigation handlers for the View In App button. If there's an AlertType specific handler it uses that, otherwise it uses a default one and if the consumer has not registered a handler - it remains disabled.
A generic Alerting Example plugin that demonstrates usage of these APIs including two AlertTypes - one that always fires, and another that checks how many people are in Outer Space and allows you to trigger based on that. 😉 To enable the plugin run `yarn start --ssl --run-examples`
2020-03-19 09:49:05 +00:00
Liza Katz 2eda06e770
Introduce search interceptor (#60523)
* Add async search strategy

* Add async search

* Fix async strategy and add tests

* Move types to separate file

* Revert changes to demo search

* Update demo search strategy to use async

* Add async es search strategy

* Return response as rawResponse

* Poll after initial request

* Add cancellation to search strategies

* Add tests

* Simplify async search strategy

* Move loadingCount to search strategy

* Update abort controller library

* Bootstrap

* Abort when the request is aborted

* Add utility and update value suggestions route

* Fix bad merge conflict

* Update tests

* Move to data_enhanced plugin

* Remove bad merge

* Revert switching abort controller libraries

* Revert package.json in lib

* Move to previous abort controller

* Add support for frozen indices

* Fix test to use fake timers to run debounced handlers

* Revert changes to example plugin

* Fix loading bar not going away when cancelling

* Call getSearchStrategy instead of passing  directly

* Add async demo search strategy

* Fix error with setting state

* Update how aborting works

* Fix type checks

* Add test for loading count

* Attempt to fix broken example test

* Revert changes to test

* Fix test

* Update name to camelCase

* Fix failing test

* Don't require data_enhanced in example plugin

* Actually send DELETE request

* Use waitForCompletion parameter

* Use default search params

* Add support for rollups

* Only make changes needed for frozen indices/rollups

* Only make changes needed for frozen indices/rollups

* Add back in async functionality

* Fix tests/types

* Fix issue with sending empty body in GET

* Don't include skipped in loaded/total

* Don't wait before polling the next time

* Add search interceptor for bulk managing searches

* Simplify search logic

* Fix merge error

* Review feedback

* Add service for running beyond timeout

* Refactor abort utils

* Remove unneeded changes

* Add tests

* cleanup mocks

* Update src/legacy/core_plugins/kibana/public/dashboard/np_ready/dashboard_app.html

Co-Authored-By: Lukas Olson <olson.lukas@gmail.com>

Co-authored-by: Lukas Olson <olson.lukas@gmail.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-19 10:28:43 +02:00
Robert Oskamp 836b3d00ef
[ML] Add functional tests for file data visualizer (#60413)
This PR adds basic functional tests for the file data visualizer, covering a file import and error messages for non-log files. It also moves the file input path handling to a common location in order to avoid code duplication.
2020-03-19 09:08:43 +01:00
Dario Gieselaar 9cd0a36740
[APM] Optimize service map query (#60412)
* [APM] Optimize service map query

Closes #60411.

- Chunk trace lookup
- Remove pagination, move dedupe logic to server

* Fix imports

* Fix imports again

Co-authored-by: Nathan L Smith <smith@nlsmith.com>
2020-03-19 08:37:58 +01:00
Frank Hassanabad 01571b6739
[SIEM][Detection Engine] Adds lists feature flag and list values to the REST interfaces
## Summary

* https://github.com/elastic/kibana/issues/60022
* Adds the feature flag for simple list values
* Adds the boolean filters of "and", "and not" to further filter based on simple values
* Adds unit tests and e2e tests for the values.
* Most tests can include the simple list values but some have to be skipped until we move those to more functions or just enable simple list values as a permanent feature. 
* DOES NOT FILTER ON THE VALUES JUST YET (That will be a follow on PR)

## Testing:

To turn on/off the feature flag do this with an env variable (set this in your .bashrc/.zshrc):

```sh
export ELASTIC_XPACK_SIEM_LISTS_FEATURE=true
```

Expect to see this error in the console when the environment variable is set:

```text
server    log   [11:41:16.245] [error][plugins][siem] You have activated the lists feature flag which is NOT currently supported for SIEM! You should turn this feature flag off immediately by un-setting the environment variable: ELASTIC_XPACK_SIEM_LISTS_FEATURE and restarting Kibana
```

Expect create and update to work when the environment variable is set and look like this:

```ts
./update_rule.sh ./rules/updates/update_list.json 
{
  "created_at": "2020-03-15T17:42:37.074Z",
  "updated_at": "2020-03-15T17:54:22.427Z",
  "created_by": "yo",
  "description": "Query with a list",
  "enabled": true,
  "false_positives": [],
  "from": "now-6m",
  "id": "c602e3f6-713b-4f43-9bdd-b60fbfead1c5",
  "immutable": false,
  "interval": "5m",
  "rule_id": "query-with-list",
  "language": "kuery",
  "output_index": ".siem-signals-hassanabad-frank-default",
  "max_signals": 100,
  "risk_score": 1,
  "name": "Query with a list",
  "query": "user.name: root or user.name: admin",
  "references": [],
  "severity": "high",
  "updated_by": "yo",
  "tags": [],
  "to": "now",
  "type": "query",
  "threat": [],
  "version": 6,
  "lists": [
    {
      "field": "source.ip",
      "boolean_operator": "and",
      "values": [
        {
          "name": "127.0.0.1",
          "type": "value"
        }
      ]
    },
    {
      "field": "host.name",
      "boolean_operator": "and not",
      "values": [
        {
          "name": "rock01",
          "type": "value"
        }
      ]
    }
  ],
  "status": "succeeded",
  "status_date": "2020-03-15T17:42:40.718Z",
  "last_success_at": "2020-03-15T17:42:40.718Z",
  "last_success_message": "succeeded"
}
```

```ts
./post_rule.sh ./rules/queries/query_with_list.json 
{
  "created_at": "2020-03-15T17:42:37.074Z",
  "updated_at": "2020-03-15T17:42:37.116Z",
  "created_by": "yo",
  "description": "Query with a list",
  "enabled": true,
  "false_positives": [],
  "from": "now-6m",
  "id": "c602e3f6-713b-4f43-9bdd-b60fbfead1c5",
  "immutable": false,
  "interval": "5m",
  "rule_id": "query-with-list",
  "language": "kuery",
  "output_index": ".siem-signals-hassanabad-frank-default",
  "max_signals": 100,
  "risk_score": 1,
  "name": "Query with a list",
  "query": "user.name: root or user.name: admin",
  "references": [],
  "severity": "high",
  "updated_by": "yo",
  "tags": [],
  "to": "now",
  "type": "query",
  "threat": [],
  "version": 1,
  "lists": [
    {
      "field": "source.ip",
      "boolean_operator": "and",
      "values": [
        {
          "name": "127.0.0.1",
          "type": "value"
        }
      ]
    },
    {
      "field": "host.name",
      "boolean_operator": "and not",
      "values": [
        {
          "name": "rock01",
          "type": "value"
        },
        {
          "name": "mothra",
          "type": "value"
        }
      ]
    }
  ]
}
```

```ts
./patch_rule.sh ./rules/patches/update_list.json   
{
  "created_at": "2020-03-15T18:02:52.434Z",
  "updated_at": "2020-03-15T18:02:57.675Z",
  "created_by": "yo",
  "description": "Query with a list",
  "enabled": true,
  "false_positives": [],
  "from": "now-6m",
  "id": "40b7c2fb-83b4-4820-bf7c-056f3a631126",
  "immutable": false,
  "interval": "5m",
  "rule_id": "query-with-list",
  "language": "kuery",
  "output_index": ".siem-signals-hassanabad-frank-default",
  "max_signals": 100,
  "risk_score": 1,
  "name": "Query with a list",
  "query": "user.name: root or user.name: admin",
  "references": [],
  "severity": "high",
  "updated_by": "yo",
  "tags": [],
  "to": "now",
  "type": "query",
  "threat": [],
  "version": 1,
  "lists": [
    {
      "field": "source.ip",
      "boolean_operator": "and",
      "values": [
        {
          "name": "127.0.0.1",
          "type": "value"
        }
      ]
    },
    {
      "field": "host.name",
      "boolean_operator": "and not",
      "values": [
        {
          "name": "rock01",
          "type": "value"
        },
        {
          "name": "mothra",
          "type": "value"
        }
      ]
    }
  ],
  "status": "succeeded",
  "status_date": "2020-03-15T18:02:56.426Z",
  "last_success_at": "2020-03-15T18:02:56.426Z",
  "last_success_message": "succeeded"
}
```

```ts
./get_rule_by_rule_id.sh query-with-list
{
  "created_at": "2020-03-15T18:10:07.657Z",
  "updated_at": "2020-03-15T18:10:08.479Z",
  "created_by": "yo",
  "description": "Query with a list",
  "enabled": true,
  "false_positives": [],
  "from": "now-6m",
  "id": "9854162b-003c-47be-af59-8c3c9545aafa",
  "immutable": false,
  "interval": "5m",
  "rule_id": "query-with-list",
  "language": "kuery",
  "output_index": ".siem-signals-hassanabad-frank-default",
  "max_signals": 100,
  "risk_score": 1,
  "name": "Query with a list",
  "query": "user.name: root or user.name: admin",
  "references": [],
  "severity": "high",
  "updated_by": "yo",
  "tags": [],
  "to": "now",
  "type": "query",
  "threat": [],
  "version": 1,
  "lists": [
    {
      "field": "source.ip",
      "boolean_operator": "and",
      "values": [
        {
          "name": "127.0.0.1",
          "type": "value"
        }
      ]
    },
    {
      "field": "host.name",
      "boolean_operator": "and not",
      "values": [
        {
          "name": "rock01",
          "type": "value"
        },
        {
          "name": "mothra",
          "type": "value"
        }
      ]
    }
  ],
  "status": "going to run",
  "status_date": "2020-03-15T18:10:10.738Z"
}
```

Expect these errors when the environment variable is not set:

```ts
./post_rule.sh ./rules/queries/query_with_list.json 
{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "[request body]: child \"lists\" fails because [\"lists\" is not allowed]"
}
```

```ts
./update_rule.sh ./rules/queries/query_with_list.json
{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "[request body]: child \"lists\" fails because [\"lists\" is not allowed]"
}
```

```ts
./patch_rule.sh ./rules/patches/update_list.json
{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "[request body]: child \"lists\" fails because [\"lists\" is not allowed]"
}
```

Expect that this is _backwards_ compatible with the feature flag but not necessarily _forwards_ compatible. This means:

* You can have older data that never had lists and it will show up as an empty list when you query it. (backwards compatible)
* You _might_ have lists and remove the env. variable and get back items as if the list was not there (forwards compatible)

* You can export without lists, flip on the env flag and import with newer lists feature (backwards compatible)
* You can export lists and it will _not_ work with an older system (not forwards compatible)

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
2020-03-18 23:57:36 -06:00
Maggie Ghamry cf08850489
Enhancement/update esdocs datasource (#59512)
* Initial Commit

Update to ESDocs datasource per team feedback

* Updates

Updates per Ryan's mockups

* Updates II

Updates per Poff's review

* Updates III

Update to some of the verbiage and card sizes - working on re-ordering and adding a link to the Lucene query syntax

* design tweaks

* Adding lucene hyperlink

update to add hyperlink help for Lucene query syntax

* Consolidating datasources to sort

Consolidating the ESDocs datasource with the rest, so that we can order them

* updates for i18n

updates for i18n

* Updates

Updates from Gail for verbiage and integrating Ryan's change for style

* Update ui.ts

Updates for i18n

* Updates for datasource order

moving the esdocs datasource to live with the rest of the UI datasources, and sorting them accordingly.

* Update datasource_component.js

removing console log, whoops

* Update ui.ts

Update to fix i18n essql issue

* Update ui.ts

Updates to fix i18n references for the esdocs datasource move

* Update to Timelion URL

I noticed that the Timelion datasource showed "Lucene query syntax" which wasn't relevant, so I updated it to "Timelion", along with a tutorial, as the link for current Timelion docs does not provide any syntax tutorial.

* Update ui.ts

update for i18n

* Update ui.ts

update for i18n

* Update ui.ts

Update to remove unused value - the i18n check gave me latent errors, sorry for the repost

* i18n updates

Updating nomenclature to get past i18n errors

* Updates

Code review updates to remove extraneous code

* Update timelion.js

update to remove extraneous comment per code review

* More i18n updates

translation updates to accommodate the esdocs datasource move

* Update datasource_component.js

Update to toggle datasource icon in selected element mode

* Update ui.ts

hopefully last i18n fix

Co-authored-by: Ryan Keairns <contactryank@gmail.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-03-18 21:36:21 -04:00
Spencer 18f973ea61
[junit] only include stdout in report for failures (#60530)
* [junit] only include stdout in report for failures

* fix assertion

Co-authored-by: spalger <spalger@users.noreply.github.com>
2020-03-18 17:49:40 -07:00