Fixes the `extract-mitre-attacks` script and generates `v6.3` tactics and techniques. Will move to `7.x` as part of the structural changes to support sub-technique in https://github.com/elastic/kibana/issues/75771.
This is being used in other click* helpers, but was missing here.
Resulting in failures in #80399
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
* [Discover] Deangularize context.app
* Add a unit test
* Addressing PR comments; fixin I18n provider; replacing kui with EUI code
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Add code to display/hide UX section when appropriate.
* Suppress errors with link to dedicated issue.
* Fix typo in call to action.
* Remove type error suppression.
* deletes the created rule in the after hook
* fixes failing test
* changes rule deletion order
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
- Fixes a race condition where searches for data grid results with different parameters would return in different order with the wrong results on display. Fix uses a pattern to cancel useEffect callback for getIndexData().
- Fixes identifying pre 7.10 feature influence format for outlier detection and will display a callout on the results page with information for a workaround.
- To fix identifying the legacy format, some cleanup of other code relating to the old format had to be done. The ml results object field is no longer treated as a "special" field for outlier detection and is treated and retrieved in the same way as other fields.
- Adds an error callout if no Kibana index pattern is available for source/dest index.
* ExceptionIdentifiers -> ExceptionListIdentifiers
* Pass refreshRule through to alert context menu
* Fix type errors and rename refreshRule to onRuleChange for consistency
* Added Test for event.library
* renamed data directry and gzip data file
* rename expectedData file
* Changes per Charlie request
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Unskip EQL tests
These _should_ be fixed with the latest ES on master, but let's see if
CI disagrees.
* Wait until alerts have populated on Rule Details
Occasionally our tests hit a scenario where the rule has executed (its
status is "succeeded"), but the generated alerts have not populated in
the same time frame. In this case the test fails oddly, saying that the
"alert count" element is not there when it is.
I attempted to improve the error message by using a .should() with a
callback, but that lead to even stranger behavior as the .should() would
fail once (expected), and then not be able to find the element a second
time. :(
So we instead focus on fixing the real problem, here: wait until alerts
populate (have a non-zero count) before performing the assertion.
Because the page will not update automatically, we can't rely on
cypress' retryability and must instead assert, click Refresh, and assert
again, much like we're doing while waiting for the rule to execute. And
like `waitForTheRuleToBeExecuted`, we're using a while loop that has no
guarantee of ever exiting :(
* More robust cypress assertions
* Uses should with a text matcher instead of using invoke('text')
* Use of not.equal between a string and an element may have been a false
positive
* Perform cypress loops in a manner guaranteed to exit
We have a few tasks that require polling for some background work to be
completed. The basic form is: assert the byproduct, or refresh the page
and try again.
We were previously doing this with a while loop, which was not
guaranteed to ever complete, leading to cryptic failures if the process
ever hung.
Instead, this implements a safer polling mechanism with a definite
termination similar to the cypress-wait-until plugin.
* Update other specs that are asserting on alerts
* Do not automatically refresh the page
* This is only necessary if we're not in the state we need. The
`waitFor` helper functions automatically reload whatever needs to be
reloaded, so we're delegating this task to them.
* Ensure we wait for alerts to be nonzero before our assertion
* Otherwise we get some strange behavior around this field's
availability; see previous commits
* Remove unused import
* Fix false positive in Rule Creation specs
Threat Match Rules introduced an additional query input, causing our
CUSTOM_QUERY_INPUT to be ambiguous.
However, instead of failing due to the ambiguity, the behavior of
cypress seems to be to pass! While I haven't yet tracked down the cause
of these false positives, disambiguating these selectors is the
immediate fix.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
### Summary
This PR addresses the remaining query preview bugs.
- it adds index, and request information to eql inspect - it seems that for some reason the eql search strategy response returns `null` for the `params.body` in complete responses, but not in partial responses and does not include index info. As a workaround, I set the inspect info on partial responses and manually add index info
- added to-dos pointing this out in the code
- updated eql sequence queries preview to use the last event timestamp of a sequence to display the hits within a histogram
- it checks buckets length to determine noise warning for threshold rules, as opposed to total hit count
- remove unused i18n text
- fixes bug where threshold is being passed in for all rule types as it's always defined in the creation step, added a check to only pass through to `useMatrixHistogram` hook when rule type is threshold
