- A previous PR introduced a regression where only runtime fields would show up in the analytics wizard's source index preview. The code for transforms and analytics is a bit different so this regression didn't occur in transforms.
- This PR fixes the problem and cleans up use_index_data.ts for the analytics wizard to remove some duplicate code to determine runtime field mappings.
- Async fetch functions have been refactored to named function expressions and moved inside their corresponding useEffect calls (this change caused most of the diff).
- combinedRuntimeMappings has been moved to an outer useMemo so it doesn't have to be generated in multiple places.
- getIndexData has been renamed to fetchIndexData to indicate it's an async call getting remote data and to be in line with the other function names.
* show operator dropdown for path field
refs elastic/security-team/issues/543
* update translation to use consistent values
refs elastic/security-team/issues/543
* update schema to validate path values
refs elastic/security-team/issues/543
* add tests for field and operator values
refs elastic/security-team/issues/543
* review changes
refs elastic/security-team/issues/543
* update schema to enforce dropdown validation for PATH field
refs elastic/security-team/issues/543
* add tests for schema updates
refs 1deab39453
refs elastic/security-team/issues/543
* optimise dropdown list for re-renders
refs elastic/security-team/issues/543
* align input fields and keep alignments when resized
refs elastic/security-team/issues/543
* correctly enter operator data on trusted app CRUD
refs elastic/security-team/issues/543
* update tests
refs 2ac56ee839
refs elastic/security-team/issues/543
* remove redundant code
review changes
* better type assertion
review changes
* move operator options out of component
- these do not depend on component props and thus no need to have it within a useMemo callback.
- review changes
* derive keys from operator entry field
review changes
* update type
* use custom styles for aligning input fields
review changes
* add a custom type for trusted_apps operator
undo changes from list plugin and server/lib/detection_engine
refs 2ac56ee839
refs elastic/security-team/issues/543
* add wildcard entry type
refs elastic/security-team/issues/543
refs https://github.com/elastic/kibana/pull/97623#pullrequestreview-642618462
* use the new entry type
refs elastic/security-team/issues/543
refs https://github.com/elastic/kibana/pull/97623#pullrequestreview-642618462
* update tests
refs elastic/security-team/issues/543
refs https://github.com/elastic/kibana/pull/97623#pullrequestreview-642618462
* update name for wildcard type so that it can be used also for cased inputs
refs elastic/security-team/issues/543
refs f9cb7eddda
* update artifacts to support wildcard entries
refs elastic/security-team/issues/543
* add tests for list schemas
refs f9cb7eddda
refs elastic/security-team/issues/543
* add placeholders for path values
review changes
elastic/kibana/pull/97623#discussion_r620617999
* ignore type check for now
* add type assertion
refs 284352ec9a
* remove unnecessary test
refs 2ac56ee839
* fix types
refs f9cb7eddda
refs b3f5dc4553
* add a note to entries
review changes
refs dbd3532149
* remove redundant type assertions
review changes
refs bcf615ac98
refs b3f5dc4553
* move placeholder text logic to utils
review changes elastic/kibana/pull/97623#discussion_r621673881
refs 6f2d0d7810
* pass the style as prop
review changes
* update api doc
CI check suggestion
* make placeholderText a function expression
review suggestion
elastic/kibana/pull/97623/commits/2dc4fd390cf5ea0e4fa67b3f5fc2561cbb29555e
* use semantic names for functions
refs 330731ebfc
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Remove references to `/alpha` route
* Delete all files and references to them for the existing MVP
* Remove conditional MVP Personal dashboard link
* Remove extra Route component
* Wrap header actions in EuiHeaderLinks for mobile
This is an add-on and should be reviewed with white space changes hidden.
* added createFrom in action to hide
* prettier configured
* tests to check timeline modal table actions
* test changes and constant extract
* removed unused dependency
* prevent adding empty column to timeline table when no action need
* test updated
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
When no transform nodes are available, existing continuous transforms end up in a waiting state. This PR adds support for this state in the transforms UI. Without the fix, transforms in a waiting state would fail to show up in the transform list.
* [Timelion] Support of Runtime Fields
* Replace call of getScriptedFields() with getComputedFields().runtimeFields, refactor buildAggBody and es.test.js
* Refactor index.js and agg_body.js
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* updated scheduled query activation toggle text and interval header in query group
* added id validation for schedule queries
* fixed up agent resolution to ignore inactive agents, and properly pull all agents
* nixed unused file
* more validation for query fields
* added status table to the results data tab, added more validation
* updated wording
* added error notifications for failed queries
* pr feedback and cleanup
* fix up last hook
* use the pluralize macro, removed rbac tags
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Changelog: https://www.elastic.co/guide/en/apm/agent/nodejs/current/release-notes-3.x.html
Notably:
- Adds apm.addMetadataFilter(fn) that can be used for PII filtering
- Improves communication with APM server to not be pathological if APM
server is down for extended period of time and load is high.
- Fixes bugs in data for the Dependencies and Service Map in the APM
app.
- The APM agent now collects cloud metadata.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [Maps] use index_exists route instead of /api/index_management/indices
* fix functional test
* add retry and correct permissions to fix functional tests
* fix upload functional test
resolves: https://github.com/elastic/kibana/issues/80120
Adds a new Kibana configuration key xpack.actions.customHostSettings which
allows per-host configuration of connection settings for https and smtp for
alerting actions. Initially this is just for TLS settings, expandable to other
settings in the future.
The purpose of these is to allow customers to provide server certificates for
servers accessed by actions, whose certificate authority is not available
publicly. Alternatively, a per-server rejectUnauthorized: false configuration
may be used to bypass the verification step for specific servers, but require it
for other servers that do not have per-host customization.
Support was also added to allow per-host customization of ignoreTLS and
requireTLS flags for use with the email action.
## [RAC][Alert Triage][TGrid] Update the Alerts Table (TGrid) API to implement a subset of the `EuiDataGridColumn` API
This PR implements the following subset of the `EuiDataGridColumn` API from [EuiDataGrid](https://elastic.github.io/eui/#/tabular-content/data-grid) in the `TGrid` (Timeline grid):
```ts
Pick<EuiDataGridColumn, 'display' | 'displayAsText' | 'id' | 'initialWidth'>
```
The above properties are [documented in EuiDataGrid's data_grid_types.ts](https://github.com/elastic/eui/blob/master/src/components/datagrid/data_grid_types.ts), and summarized in the table below:
| Property | Description |
|----------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `display?: ReactNode` | A `ReactNode` used when rendering the column header |
| `displayAsText?: string` | Displays the column name as text (in lieu of using `display`). If not used, `id` will be shown as the column name. |
| `id: string` | The unique identifier for this column, e.g. `user.name` |
| `initialWidth?: number` | Initial width (in pixels) of the column |
The following screenshot shows the `TGrid` rendering (from left-to-right):
- An (example) RAC-flavored Observability alerts table
- An (example) RAC-flavored Security Solution alerts table
- The production alerts table in the Security Solutions `Detections` page, which remains the default
![three_table_configurations](https://user-images.githubusercontent.com/4459398/115944491-5a69a780-a473-11eb-85b6-36120c3092d6.png)
_Above, three table configurations, rendered via the updated API_
The `public/detections/configurations` directory contains the configurations for the three tables shown in the screenshot above.
This change works in concert with another recent change to the `TGrid` that [added support for the `renderCellValue` API](https://github.com/elastic/kibana/pull/96098).
### Example configurations
#### (example) RAC-flavored Observability alerts table
![observability_alerts_example](https://user-images.githubusercontent.com/4459398/115944556-b3d1d680-a473-11eb-8338-6097731f2d48.png)
The column specification for the (example) RAC-flavored Observability alerts table, shown in the screenshot above is defined in `x-pack/plugins/security_solution/public/detections/configurations/examples/observablity_alerts/columns.ts`:
```ts
export const columns: Array<
  Pick<EuiDataGridColumn, 'display' | 'displayAsText' | 'id' | 'initialWidth'> & ColumnHeaderOptions
> = [
  {
    columnHeaderType: defaultColumnHeaderType,
    displayAsText: i18n.STATUS,
    id: 'kibana.rac.alert.status',
    initialWidth: 74,
  },
  {
    columnHeaderType: defaultColumnHeaderType,
    displayAsText: i18n.TRIGGERED,
    id: '@timestamp',
    initialWidth: DEFAULT_DATE_COLUMN_MIN_WIDTH + 5,
  },
  {
    columnHeaderType: defaultColumnHeaderType,
    displayAsText: i18n.ALERT_DURATION,
    id: 'kibana.rac.alert.duration.us',
    initialWidth: 116,
  },
  {
    columnHeaderType: defaultColumnHeaderType,
    displayAsText: i18n.ALERTS_HEADERS_SEVERITY,
    id: 'signal.rule.severity',
    initialWidth: 102,
  },
  {
    columnHeaderType: defaultColumnHeaderType,
    displayAsText: i18n.ALERTS_HEADERS_REASON,
    id: 'signal.reason',
    initialWidth: 644,
  },
];
```
The example implementation of `EuiDataGrid`'s [`renderCellValue` API](https://github.com/elastic/kibana/pull/96098) used to render the RAC-flavored Observability alerts table shown in the screenshot above is located in `x-pack/plugins/security_solution/public/detections/configurations/examples/observablity_alerts/render_cell_value.tsx`:
```ts
/**
 * This implementation of `EuiDataGrid`'s `renderCellValue`
 * accepts `EuiDataGridCellValueElementProps`, plus `data`
 * from the TGrid
 */
export const renderCellValue: React.FC<
  EuiDataGridCellValueElementProps & CellValueElementProps
> = ({
  columnId,
  data,
  eventId,
  header,
  isDetails,
  isExpandable,
  isExpanded,
  linkValues,
  rowIndex,
  setCellProps,
  timelineId,
}) => {
  const value =
    getMappedNonEcsValue({
      data,
      fieldName: columnId,
    })?.reduce((x) => x[0]) ?? '';
  switch (columnId) {
    case 'kibana.rac.alert.status':
      return <Status status={random(0, 1) ? 'recovered' : 'active'} />;
    case 'kibana.rac.alert.duration.us':
      return <span>{moment(value).fromNow(true)}</span>;
    case 'signal.rule.severity':
      return <Severity severity={value} />;
    case 'signal.reason':
      return (
        <EuiLink>
          <TruncatableText>{reason}</TruncatableText>
        </EuiLink>
      );
    default:
      // NOTE: we're using `DefaultCellRenderer` in this example configuration as a fallback, but
      // using `DefaultCellRenderer` here is entirely optional
      return (
        <DefaultCellRenderer
          columnId={columnId}
          data={data}
          eventId={eventId}
          header={header}
          isDetails={isDetails}
          isExpandable={isExpandable}
          isExpanded={isExpanded}
          linkValues={linkValues}
          rowIndex={rowIndex}
          setCellProps={setCellProps}
          timelineId={timelineId}
        />
      );
  }
};
```
#### (example) RAC-flavored Security Solution alerts table
![secuirty_solution_rac_example](https://user-images.githubusercontent.com/4459398/115944592-e8459280-a473-11eb-9e0f-cef8519102d4.png)
The column specification for the (example) RAC-flavored Security Solution alerts table, shown in the screenshot above is defined in `x-pack/plugins/security_solution/public/detections/configurations/examples/security_solution_rac/columns.ts`:
```ts
/**
 * columns implements a subset of `EuiDataGrid`'s `EuiDataGridColumn` interface,
 * plus additional TGrid column properties
 */
export const columns: Array<
  Pick<EuiDataGridColumn, 'display' | 'displayAsText' | 'id' | 'initialWidth'> & ColumnHeaderOptions
> = [
  {
    columnHeaderType: defaultColumnHeaderType,
    id: '@timestamp',
    initialWidth: DEFAULT_DATE_COLUMN_MIN_WIDTH + 5,
  },
  {
    columnHeaderType: defaultColumnHeaderType,
    id: 'signal.rule.name',
    displayAsText: i18n.ALERTS_HEADERS_RULE_NAME,
    linkField: 'signal.rule.id',
    initialWidth: 212,
  },
  {
    columnHeaderType: defaultColumnHeaderType,
    id: 'signal.rule.severity',
    displayAsText: i18n.ALERTS_HEADERS_SEVERITY,
    initialWidth: 104,
  },
  {
    columnHeaderType: defaultColumnHeaderType,
    id: 'signal.reason',
    displayAsText: i18n.ALERTS_HEADERS_REASON,
    initialWidth: 644,
  },
];
```
### Testing the example configurations locally
For now, the alerts table in the Security Solution's `Detections` page is configured to use the existing (`7.13`) column configuration.
To test the Alerts table in the Security Solution `Detections` page with the example configurations provided in this PR:
1. Edit `x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx` and change the following line:
```ts
import { columns, RenderCellValue } from '../../configurations/security_solution_detections';
```
from the above to
```ts
import { columns, RenderCellValue } from '../../configurations/examples/observablity_alerts';
```
for the (example) RAC-flavored Observability alerts table, or change it to
```ts
import { columns, RenderCellValue } from '../../configurations/examples/security_solution_rac';
```
for the (example) RAC-flavored Security solution alerts table.
2. Navigate to your local instance of the Security Solution [Detections page](http://localhost:5601/xyx/app/security/detections) (Note: you may need to enable detection rules to populate the alerts table.)
3. Click the `customize_columns` button shown in the screenshot below:
![customize_columns](https://user-images.githubusercontent.com/4459398/115796322-e3f37980-a38e-11eb-930b-5b21dfcb5e65.png)
4. In the `Customize Columns` popover, click the `Reset Fields` button, shown in the screenshot below:
![reset-fields](https://user-images.githubusercontent.com/4459398/115797081-49943580-a390-11eb-9485-7e6cae2f2a6f.png)
After clicking `Reset Fields`, the new default columns will be displayed.
### Backwards compatibility
The `width` property of Timeline's model was changed to `initialWidth` as part of this PR.
- This change has no effect on Timelines persisted as saved objects
- This change has no effect on Timeline's [Export and Import Timelines](https://www.elastic.co/guide/en/security/current/timelines-ui.html#import-export-timelines) feature
- When a TGrid's column configuration containing the legacy `width` and `label` `ColumnHeaderOptions` is read from `localstorage`, these properties are migrated to `initialWidth` and `displayAsText` respectively.
- Backwards compatibility was desk tested by persisting a custom column configuration while running off `master`, and then re-visiting the page after running this PR branch. As expected, the previously persisted column configuration was rendered correctly after running the PR branch.
- Unit tests were added to `x-pack/plugins/security_solution/public/timelines/containers/local_storage/index.test.ts` to test the migration of the `width` and `label` properties
### Other changes
- The minimum width of a resized column is now `70px`. The new minimum is no longer data-type specific.
* Various route URL updates
- Snake case Kibana routes
- Remove unnecessary extra subdirectory pathing
* Fix missing ability check
- There isn't currently a role that would fail the check, but since the nav link is wrapped in the role, we might as well copy it and look at our role checks in the 8.0 refactor
* fix test
Missed sorting the columns ids based on populated fields. If not all fields are populated in all documents equally, this could result in not correctly sorted columns, also resulting in flaky tests.
* New flyout with event filters form
* Changes on event filters form to allow OS selector. Add new error on state for OS. Add created entry to the entries list
* Fixes typo
* Adds empty page with an add button that opens flyout. Also added route and path management
* Fixes type and adds a TODO comment. Also removes ESLint rule for useCallback deps
* Fixes unit test. Adds consts for default page size and page index
* Fixes warning state update on an unmounted component
* Fixes infinite useEffect loop in useFetchIndex hook caused by a non-memoized value
* Adds policy:all to eventFilter.tag and disables or button on exception builder
* Changes component name and simplifies hook using useCallback without a custom callback
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>