Commit graph

27038 commits

Author SHA1 Message Date
Rob Waight b3848262a8
[DOCS] Include server.cors configuration settings (#47995)
Include `server.cors` configuration settings -- back port to 7.x from https://github.com/elastic/kibana/pull/47701
2019-10-11 11:24:48 -05:00
Spencer d504a82954
[7.x] [kbn/es] use an ES_TMPDIR that is within the install pat… (#47964)
* [kbn/es] use an ES_TMPDIR that is within the install path

* support tests which don't pass installPath
2019-10-11 09:21:13 -07:00
Vadim Dalecky a133b5fb13
fix: 🐛 handle correctly basic falsy types in getType() (#47930) (#47953) 2019-10-11 18:09:07 +02:00
Jonathan Budzenski 7a6f7dcaef [deb/rpm] set default babel cache path (#47907)
* [deb/rpm] set default babel cache path

* \\n
2019-10-11 10:25:11 -05:00
Jonathan Budzenski 019a06f182 [build/deb] use older systemd StartLimitInterval (#47909)
* StartLimitIntervalSec -> StartLimitInterval

* [build/deb] use older systemd StartLimitInterval
2019-10-11 10:21:36 -05:00
Andrew Goldstein d503b7268a
[SIEM] Endgame events on the SIEM Overview page (#47774) (#47904)
## Summary

* Adds Endgame events to the SIEM Overview page, per the following screenshot:

<img width="1680" alt="overview-chrome" src="https://user-images.githubusercontent.com/4459398/66524250-26a47800-eaaf-11e9-8ff9-311c031e5d00.png">

* Adds `endgame-*` to the default SIEM index pattern, per the following screenshot:

<img width="1665" alt="siem-advanced-settings" src="https://user-images.githubusercontent.com/4459398/66524300-45a30a00-eaaf-11e9-93c3-dce74917e73a.png">

RELEASE NOTE: To view Endgame events in existing SIEM deployments, you must manually add `endgame-*` to the SIEM index pattern in `Kibana Management > Advanced Settings > SIEM > Elasticsearch indices`. Also note that the `Reset to default` feature for this setting in the Advanced Settings page now includes `endgame-*`.

* Adds the GraphQL plumbing for rendering Endgame data in the Timeline via row renderers (in an upcoming PR), with the introduction of the following fields:

```
dns.question.name
dns.question.type
dns.resolved_ip
dns.response_code
endgame.exit_code
endgame.file_name
endgame.file_path
endgame.logon_type
endgame.parent_process_name
endgame.pid
endgame.process_name
endgame.subject_domain_name
endgame.subject_logon_id
endgame.subject_user_name
endgame.target_domain_name
endgame.target_logon_id
endgame.target_user_name
event.code
file.name
process.hash.md5
process.hash.sha1
process.hash.sha256
user.domain
winlog.event_id
```

## Testing

### Cypress
The `smoke_tests/overview/overview.spec.ts` Cypress test was updated to include the new counts on the Overview page, per the screenshot below:

![cypress-overview-spec](https://user-images.githubusercontent.com/4459398/66529142-8c98fb80-eabf-11e9-800e-a0d9e1e51d6d.png)

### API Integration test

The Overview page API integration test `xpack/test/api_integration/apis/siem/overview_host.ts` was updated to include counts of mock Endgame data added to `test/functional/es_archives/auditbeat/overview/data.json.gz`

### Unit tests

Overview page unit tests were updated to include the new Endgame event counts

### Desk testing

* Desk tested by hand-editing `components/page/overview/overview_host/index.tsx` and setting the `endDate` and `startDate` values below to a fixed datetime:

```
<OverviewHostQuery endDate={endDate} sourceId="default" startDate={startDate}>
```

The counts shown on the overview page were then compared to the counts shown in the timeline in the same date period, to verify the counts match 1:1.

* The additional fields mentioned above in this PR (e.g. `dns.question.name`, `endgame.target_domain_name`) that are now being requested via GraphQL can be seen via the Timeline Inspect (query) feature:

1) Enter `event.module: endgame` in the Timeline KQL bar. (Adjust the date range if necessary.)
2) After Endgame events are displayed in the timeline, click the Inspect button in the Timeline settings gear.

The additional fields (and values) will be included in the Inspect query Request / Response tabs.

### Cross-browser dark/light testing
#### Firefox

<img width="1680" alt="overview-firefox" src="https://user-images.githubusercontent.com/4459398/66524773-9c5d1380-eab0-11e9-9383-c155872881b0.png">

#### Safari

<img width="1680" alt="overview-safari" src="https://user-images.githubusercontent.com/4459398/66524790-a54de500-eab0-11e9-9786-aa7dbe18c1bf.png">

#### IE11

This PR was *not* tested in IE11 due to the current blocker with `react-reverse-portal`

https://github.com/elastic/siem-team/issues/465
https://github.com/elastic/ecs-dev/issues/178
2019-10-11 08:42:58 -06:00
Poff Poffenberger e5b6e90fa7
[Canvas] Adding i18n for transitions (#47626) (#47894)
* Adding i18n for transitions

* removing function

* Slide copy fix
2019-10-11 09:25:26 -05:00
Pete Harverson 56be26c99e
[ML] Adds new SIEM auditbeat, winlogbeat and packetbeat modules (#47848) (#47945)
* [ML] Adds new SIEM auditbeat, winlogbeat and packetbeat modules

* [ML] Removed rare_country_for_user jobs

* [ML] Removed rare_country_for_user jobs from manifests
2019-10-11 14:20:17 +01:00
Dima Arnautov 6c577688d1
[ML] Enhance created_by check for custom rules (#47825) (#47943)
* [ML] delete created_by only for wizards

* [ML] use CREATED_BY_LABEL enum

* [ML] move processCreatedBy
2019-10-11 15:12:38 +02:00
Carlos Pérez-Aradros Herce a2b266acda
Add CouchDB Metricbeat module tutorial to Kibana home (#47811) (#47941) 2019-10-11 14:40:46 +02:00
Alexey Antonov 16efde40fd
[Automation] TSVB doesn't allow to perform basic functions showing no fields available (#47860) (#47932) 2019-10-11 12:57:13 +03:00
Matthias Wilhelm 9dd431796d
Improve kbnTableHeader directive that causes warnings in console (#47829) (#47925) 2019-10-11 11:15:51 +02:00
Liza Katz 730bff388c
Reconstruct setup\start data shim APIs (due to savedObject N/A in setup) (#47851) (#47924)
* No saved objects client in data.setup

* replace old loading of data/public/setup

* test fixes

* fix list_control_factory

* range_control_factory
2019-10-11 09:55:31 +03:00
Yulong bb92b8b8b5
[Code] replace nodegit with native git (#45491) (#47920)
* [Code] use native git to iterate git files
* [Code] use native git to clone/update repository
* [Code] git history using native git
* [Code] use native git to read file tree and file content
* [Code] fix the 'bad file' warning from status api
* [Code] use native git to handle worktree
* [Code] use native git to resolve references
* [Code] use native git to handle blame / diff
* [Code] patch git binaries in kibana build script
* [Code] migrate unit tests to use native git
2019-10-11 12:50:06 +08:00
Thomas Neirynck 936e018172
[SIEM][Maps] Use vector tiles for rendering EMS basemap (#47867) (#47911) 2019-10-10 22:31:09 -04:00
Nathan Reese 8cb0b75485
[Maps] retrieve geo_point value from docvalue_fields instead of _source (#47389) (#47917)
* [Maps] retrieve geo_point value from docvalue_fields instead of _source

* add functional test ensuring _search request only pulls what is needed

* clean up i18n translation files
2019-10-10 20:15:46 -06:00
Spencer aeb1775d61
[7.x] [dev/watch] ignore chromium and sass tmp directories (#4… (#47902) 2019-10-10 16:33:14 -07:00
Spencer d2bcbb74ce
[7.x] cleanup es even if test fails (#47868) (#47906)
* cleanup es even if test fails

* use correct beforeAll/afterAll hooks for jest
2019-10-10 16:32:38 -07:00
Steph Milovic 3d9fb52cee
[SIEM] type fix (#47708) (#47828) 2019-10-10 15:19:39 -07:00
Wylie Conlon 43e8c4420c
[lens] Basic usage telemetry for total visualizations, and by type (#47597) (#47899)
* [lens] Basic usage telemetry for total visualizations, and by type

* Implement overall, 30 day, 90 day tracking for saved visualizations

* Add forgotten file

* Implement collection using scripted metrics

* Add functional test to ensure painless script is working
2019-10-10 17:55:26 -04:00
Nik Everett bc59cb9e4d
Docs: Fix for asciidoctor (#47876) (#47910)
Asciidoctor is a bit more picky about some things. This fixes them for
it.
2019-10-10 17:47:08 -04:00
Spencer 566cd69a98
[7.x] fix indentation of failure issue bodies (#47864) (#47887) 2019-10-10 14:36:32 -07:00
Corey Robertson 09d72bb9b5
[Canvas] Translate More Expression Arguments (#47028) (#47844)
* Translate other canvas arguments

* Update Snapshot

* Fix incorrect i18n key
2019-10-10 16:54:22 -04:00
Nate Archer d4200f4c75
[DOCS][CODE]: Add GO as a supported language server (#47550) (#47870)
* [DOCS] Fix beta tag in Code Docs

* Add additional content about cloning repos

* More grammar edits

* Address Gail's feedback.

* Fix build errors

* Another build fix

* [DOCS][CODE]: Add GO as a supported language server

* Update code-install-lang-server.asciidoc
2019-10-10 15:22:42 -05:00
Ryland Herrick 2fe225009d
[Code] Export integration components (#47636) (#47880)
* Expose CodeBlockPanel component

This separates the current CodeBlock component into two:
* CodeBlock, which simply renders the code view without
padding/margin
* CodeBlockPanel which wraps the CodeBlock in an EUIPanel and allows
overrides

It seems like APM will want to use the former for their integration,
while the latter is currently used internally by Code. It's very simple,
though, and could absolutely be inlined.

* Update demo page to use CodeBlock

This has no styling, and so a header could go right against it, it
could be shown/hidden distinct from the header, etc.

* Export our current integration components from main index

Adds a 'shared' manifest that does all the reaching in; the main one
just re-exports that.

* Move shared exports to the frontend manifest

This was incorrectly placed a level too high, in the plugin itself.

* Rename to better reflect relationship

CodeBlockPanel = EuiPanel + CodeBlock

* Distinguish monaco CSS overrides with page-specific layout
2019-10-10 15:12:06 -05:00
Poff Poffenberger 297ef13e96
[7.x] [Canvas] i18n for all known canvas errors (#46945) (#47838)
* [Canvas] i18n for all known canvas errors (#46945)

* i18n for all known canvas errors

* Removing error message not seen by users

* Fixing weird merge
2019-10-10 15:10:33 -05:00
Spencer b5220c648d
[7.x] [ci/failed_tests_reporter] when Github 500s, retry up to… (#47853)
* [ci/failed_tests_reporter] when Github 500s, retry up to 5 times

* remove unused import

* properly handle non-string headers
2019-10-10 12:53:03 -07:00
Nathan L Smith 1008c9d07e
[7.x] [APM] Keywords to select legend color in TPM graph (#476… (#47874)
If the result contains "ok" or "success", use the same color we use for HTTP 200.

If the result contains "error" or "failure", use the same color we use for HTTP 500.

Fixes #18707
2019-10-10 14:15:13 -05:00
Nathan L Smith 6b57c79f11
[7.x] [APM] Experimental Service Map front end (#46497) (#47840)
Add service map tabs on the main APM screen and for individual services.

This is not yet hooked up to work with back-end data, so it always shows the same hard-coded graph.

This is experimental, so you must have x-pack.apm.serviceMapEnabled: true in your Kibana config for it to show up.

Also add "PSF" to the list of allowed licenses since a new dependency added uses this license (it's on the [green list](https://github.com/elastic/open-source/blob/master/elastic-product-policy.md#green-list).)

Fixes #44890
Fixes #44853
2019-10-10 13:02:54 -05:00
Nathan L Smith 67ce81bf53
[7.x] [APM] Correctly pluralize view in discover link (#47618) (#47836)
Fixes #46549
2019-10-10 13:02:33 -05:00
Nathan L Smith 8e64935e9e
[7.x] [APM] Documentation and alignment for impact column (#47… (#47839)
In the traces and transactions tables, left align the impact column heading and add a tooltip explaining what it means.

Fixes #44313
Fixes #28559
2019-10-10 13:01:47 -05:00
Nathan L Smith c00d1558c3
[7.x] [APM] Add docs about running in VSCode to README (#47536) (#47833) 2019-10-10 13:01:18 -05:00
Nathan L Smith f8da8f3744
[7.x] [APM] Add User agent to trace summary (#47526) (#47837) 2019-10-10 13:00:51 -05:00
Chris Davies 3329e5f72c
[Lens] Lazy load Lens index patterns (#46785) (#47749) 2019-10-10 13:15:54 -04:00
Matthias Wilhelm 3e44aa601a
Fix homepage app sample data dashboard test failures in cloud (#47737) (#47834)
* Improve launchSampleData of HomePageProvider for cloud testing

* Migrate to typescript
2019-10-10 18:16:18 +02:00
Xavier Mouligneau ac9ace0b23
[savedObject] Index patterns race condition (#47788) (#47820)
* [savedObject] [bug] Race Condition

* Forget async

* fix raise condition

* fix unit test
2019-10-10 11:36:32 -04:00
Tiago Costa dbb8fac56c
Fix typo in run_i18n_integrate (#47561) (#47826) 2019-10-10 16:07:16 +01:00
Chris Roberson 51a7bb22be
Use fixed_interval instead of interval (#47725) (#47786) 2019-10-10 10:55:03 -04:00
Joe Reuter 06764edfc7
improve wording of save modal and listing page (#47443) (#47823) 2019-10-10 16:42:44 +02:00
Joe Reuter 4a1dc494b8
[Graph] Style fixes (#47667) (#47824) 2019-10-10 16:42:37 +02:00
Stacey Gammon 8ed19f2c42
Don't throw an error if panel is added, then removed, before embeddable finishes loading (#46788) (#47818)
* Remove this error being thrown as it can be expected in certain situations

* change test after change in logic
2019-10-10 10:03:49 -04:00
Stacey Gammon 0419844ee3
Phase 1 of search services (#46742) (#47819)
* Phase 1 of search services

* First review feedback

* Start on tests

* Add functional tests for search explorer

* Add unload and fix ts error

* Add index.test.ts files for coverage completeness

* Adding unit tests

* use internal route terminology. No reason this should be a public route, at least not yet.

* Move search service into data plugin

* App mount search context needs to be optional

* Add more unit tests for server stuff

* wip types fix

* fix types for new context container stuff

* put back all jest test coverage paths

* address review comments

* delete the two test files that just tested the instantiation of the search service

* expose search fn on StartContract... tested locally only

* update mocks to account for new startcontract
2019-10-10 09:59:36 -04:00
Liza Katz 02240b27ef
call isTimeRangeSelectorEnabled (#47809) (#47812) 2019-10-10 16:46:23 +03:00
Bhavya RM 50e107b949
Fixing gauge test in firefox (#47082) (#47731)
Unskip gauge test in firefox
2019-10-10 09:35:06 -04:00
patrykkopycinski 061c0d47c0
[SIEM] Fix GraphQL type generation fails to generate types (#47638) (#47748) 2019-10-10 15:29:40 +02:00
Aleh Zasypkin da745fad97
[7.x] Preserve URL fragment during SAML handshake. (#47742) 2019-10-10 14:36:49 +02:00
Joe Reuter bd9225fe55
fix infinite loop in vega tooltips (#47700) (#47798) 2019-10-10 14:06:54 +02:00
Joe Reuter 2405752e17
[Graph] Do not carry over diversity field when switching data source (#47560) (#47799) 2019-10-10 14:06:32 +02:00
Joe Reuter 99536d7ad9
Use correct color for circles (#47715) (#47797) 2019-10-10 14:06:13 +02:00
Søren Louv-Jansen 0d77169b64
[7.x] [APM] Use new platform for toast notifications (#47276) | [APM] Agent configuration phase 2 (#46995) (#47806)
* [APM] Use new platform for toast notifications (#47276)

* [APM] Use new platform for toast notifications

* fix more tests

* remove comment

* [APM] Agent configuration phase 2 (#46995)

* [APM] Agent Config Management Phase 2

* Add status indicator

* Extract TimestampTooltip component

* Remove unused StickyTransactionProperties component

* Fix snapshot and minor cleanup

* Minor cleanup

* Display settings conditionally by agent name

* Fix client

* Format timestamp

* Minor design feedback

* Clear cache when clicking refresh

* Fix test

* Revert t() short hand

* Fix translations

* Add support for “all” option

* Fix API tests

* Move delete button to footer

* Fix snapshots

* Add API tests

* Fix toasts

* Address feedback and ensure order when searching for configs

* Fix snapshots

* Remove timeout
2019-10-10 13:51:15 +02:00