## Summary
* Adds Import and Export REST endpoints
* Fixes minor misc issues with types
* Changes camel case from bulk api to become snake_case
For the API and testing it is very similar to the saved objects API
For import:
```ts
POST /api/detection_engine/rules/_import
```
With a ndjson body of:
```ts
{"created_at":"2020-01-09T01:38:00.740Z","updated_at":"2020-01-09T01:38:00.740Z","created_by":"elastic_kibana","description":"Query with a rule_id that acts like an external id","enabled":true,"false_positives":[],"from":"now-6m","id":"6688f367-1aa2-4895-a5a8-b3701eecf57d","immutable":false,"interval":"5m","rule_id":"query-rule-id-1","language":"kuery","output_index":".siem-signals-frank-hassanabad-default","max_signals":100,"risk_score":1,"name":"Query with a rule id Number 1","query":"user.name: root or user.name: admin","references":[],"severity":"high","updated_by":"elastic_kibana","tags":[],"to":"now","type":"query","threats":[],"version":1}
{"created_at":"2020-01-09T01:38:00.745Z","updated_at":"2020-01-09T01:38:00.745Z","created_by":"elastic_kibana","description":"Query with a rule_id that acts like an external id","enabled":true,"false_positives":[],"from":"now-6m","id":"7a912444-6cfa-4c8f-83f4-2b26fb2a2ed9","immutable":false,"interval":"5m","rule_id":"query-rule-id-2","language":"kuery","output_index":".siem-signals-frank-hassanabad-default","max_signals":100,"risk_score":2,"name":"Query with a rule id Number 2","query":"user.name: root or user.name: admin","references":[],"severity":"low","updated_by":"elastic_kibana","tags":[],"to":"now","type":"query","threats":[],"version":1}
{"exported_count":2,"missing_rules":[],"missing_rules_count":0}
```
If you want to overwrite existing objects you can use the overwrite query parameter like so:
```ts
POST /api/detection_engine/rules/_import?overwrite=true
```
See and run the scripts of:
```ts
import_rules.sh
import_rules_no_overwrite.sh
```
For exporting everything:
```ts
POST /api/detection_engine/rules/_export
```
For exporting just a handful of things you would send a body like so:
```ts
POST /api/detection_engine/rules/_export
{
"objects": [
{
"rule_id": "query-rule-id-1"
},
{
"rule_id": "query-rule-id-2"
}
]
}
```
To change either the filename of the file that gets downloaded or to remove the extra appended export details you can do the following:
```ts
POST /api/detection_engine/rules/_export?exclude_export_details=true&file_name=my_file.ndjson"
```
See the scripts of:
```ts
export_rules.sh
export_rules_by_rule_id.sh
export_rules_by_rule_id_to_file.sh
export_rules_to_file.sh
```
### Checklist
Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR.
~~- [ ] This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~~
~~- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~~
~~- [ ] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~~
- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
~~- [ ] This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~~
### For maintainers
~~- [ ] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~~
- [x] This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
resolves https://github.com/elastic/kibana/issues/50522
The alert executor function is now passed these additional alert-specific
properties as parameters:
- spaceId
- namespace
- name
- tags
- createdBy
- updatedBy
* Fix server types
* Remove graphql types from the frontend
* More type cleanup
* Replace more types. Delete unused files
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* [Reporting] Update some runtime validations
* fix unit test
* i18n
* make warning logging of encryptionKey possible
* update snapshot
* revert unrelated config change
* Add header element to indices page for WCAG
* Add h1 element for WCAG to node page
* Add h1 element for WCAG to stack monitoring overview page
* Add h1 to advanced nodes page in stack monitoring
* Add h1 to nodes page in stack monitoring
* Add h1 header for index advanced page in stack monitoring
* Standarize more on ide for h1 tag
* Give heading element to beats overview
* Update Beats listing page for H1 compat with WAVE
* Modified beat page to comply with heading rules from WCAG
* Kibana instance listing page updated for header WCAG
* Add WCAG header fix to logstash listing page
* Added headings for WCAG to logstash overview page
* Update pipeline listing page for WCAG A headings
* Fix WCAG heading problems in pipeline viewer
* Fix screen reader heading for APM overview page
* Update APM instances page for screen reader headings
* Update APM instance page for screen reader heading
* Update ccr page for screen reader headings
* More a11y fixes for headings in stack monitoring
* Fixup
* Consistant captalization per review
* Removed help text per review comment
* Include Elasticsearch node into screen reader message, per review feedback
* Update snapshots
* Linting
* Implement review suggestion for i8n compat
* Revert back to just plain string
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Check for a trial license as well as platinum when loading the map
* Increase the z-index of the controls so clicking on them works
* Rename the styled component to `ControlsContainer` from `Container` to make a less ambiguous class name on the element
This PR optimizes both the snapshot component and the monitor list on the overview page by using the new monitor.timespan field from elastic/beats#14778. Note that the functionality here will work with heartbeats lacking that patch, but the performance improvements will be absent.
This PR adapts the snapshot tests to use synthetically generated data which should be easier to maintain. As a result some of that code is refactored as well.
See #52433 parent issue as well.
* Update button styles, page panel and page title
* Add getJobCreatorTitle function for human readable job type name
* Add formatMessage to Create job title
* Fix translation test
* Update tests
* change create to only have only one form to be open at the same time
* add tick to risk score
* remove compressed
* fix select in schedule
* fix bug to not allow more than one step panel to be open at a time
* Add a color/health indicator to severity selector
* Move and reword tags placeholder to bottom helper text
* fix ux on the index patterns field
* Reorganize MITRE ATT&CK threat
* add url validation + some cleaning to prerp work for UT
* add feature to get back timeline + be able to disable action on timeline modal
* Add option to import the query from a saved timeline.
* wip
* Add timeline template selector
* fix few bugs from last commit
* review I
* fix unit test for timeline_title
* ui review
* fix truncation on timeline selectable
* Update Duration to coerce number strings to numbers (in millis)
* Coerce in a way that's consistent with kbn-config-schema
* Update ByteSizeValue to coerce strings to numbers
* Update Boolean to coerce strings to boolean values
* Fix Jest test
* Address PR review feedback
* Whoops
* Whoops 2
* Whoops 3
* check depVar field type before adding keyword suffix for evaluate endpoint
* update indexPattern type and use FIELD types
* add keyword suffix if field type is keyword
* keyword suffix added if depVar is of type keyword AND text
* docs: consolidate telemetry settings to core
Telemetry is no longer part of monitoring.
* docs: revise telemetry settings text
* docs: tweak telemetry setting text
