## Summary
* Adds Endgame events to the SIEM Overview page, per the following screenshot:
<img width="1680" alt="overview-chrome" src="https://user-images.githubusercontent.com/4459398/66524250-26a47800-eaaf-11e9-8ff9-311c031e5d00.png">
* Adds `endgame-*` to the default SIEM index pattern, per the following screenshot:
<img width="1665" alt="siem-advanced-settings" src="https://user-images.githubusercontent.com/4459398/66524300-45a30a00-eaaf-11e9-93c3-dce74917e73a.png">
RELEASE NOTE: To view Endgame events in existing SIEM deployments, you must manually add `endgame-*` to the SIEM index pattern in `Kibana Management > Advanced Settings > SIEM > Elasticsearch indices`. Also note that the `Reset to default` feature for this setting in the Advanced Settings page now includes `endgame-*`.
* Adds the GraphQL plumbing for rendering Endgame data in the Timeline via row renderers (in an upcoming PR), with the introduction of the following fields:
```
dns.question.name
dns.question.type
dns.resolved_ip
dns.response_code
endgame.exit_code
endgame.file_name
endgame.file_path
endgame.logon_type
endgame.parent_process_name
endgame.pid
endgame.process_name
endgame.subject_domain_name
endgame.subject_logon_id
endgame.subject_user_name
endgame.target_domain_name
endgame.target_logon_id
endgame.target_user_name
event.code
file.name
process.hash.md5
process.hash.sha1
process.hash.sha256
user.domain
winlog.event_id
```
## Testing
### Cypress
The `smoke_tests/overview/overview.spec.ts` Cypress test was updated to include the new counts on the Overview page, per the screenshot below:
### API Integration test
The Overview page API integration test `xpack/test/api_integration/apis/siem/overview_host.ts` was updated to include counts of mock Endgame data added to `test/functional/es_archives/auditbeat/overview/data.json.gz`
### Unit tests
Overview page unit tests were updated to include the new Endgame event counts
### Desk testing
* Desk tested by hand-editing `components/page/overview/overview_host/index.tsx` and setting the `endDate` and `startDate` values below to a fixed datetime:
```
<OverviewHostQuery endDate={endDate} sourceId="default" startDate={startDate}>
```
The counts shown on the overview page where then compared to the counts shown in the timeline in the same date period, to verify the counts match 1:1.
* The additional fields mentioned above in this PR (e.g. `dns.question.name`,`endgame.target_domain_name`) that are now being requested via GraphQL can be seen via the Timeline Inspect (query) feature:
1) Enter `event.module: endgame` in the Timeline KQL bar. (Adjust the date range if necessary.)
2) After Endgame events are displayed in the timeline, click the Inspect button in the Timeline settings gear.
The additional fields (and values) will be included in the Inspect query Request / Response tabs.
### Cross-browser dark/light testing
#### Firefox
<img width="1680" alt="overview-firefox" src="https://user-images.githubusercontent.com/4459398/66524773-9c5d1380-eab0-11e9-9383-c155872881b0.png">
#### Safari
<img width="1680" alt="overview-safari" src="https://user-images.githubusercontent.com/4459398/66524790-a54de500-eab0-11e9-9786-aa7dbe18c1bf.png">
#### IE11
This PR was *not* tested in IE11 due to the current blocker with `react-reverse-portal`
https://github.com/elastic/siem-team/issues/465https://github.com/elastic/ecs-dev/issues/178
* [ML] Adds new SIEM auditbeat, winlogbeat and packetbeat modules
* [ML] Removed rare_country_for_user jobs
* [ML] Removed rare_country_for_user jobs from manifests
* [Code] use native git to iterate git files
* [Code] use native git to clone/update repository
* [Code] git history using native git
* [Code] use native git to read file tree and file content
* [Code] fix the 'bad file' warning from status api
* [Code] use native git to handle worktree
* [Code] use native git to resolve references
* [Code] use native git to handle blame / diff
* [Code] patch git binaries in kibana build script
* [Code] migrate unit tests to use native git
* [Maps] retrieve geo_point value from docvalue_fields instead of _source
* add functional test ensuring _search request only pulls what is needed
* clean up i18n translation fiels
* [lens] Basic usage telemetry for total visualizations, and by type
* Implement overall, 30 day, 90 day tracking for saved visualizations
* Add forgotten file
* Implement collection using scripted metrics
* Add functional test to ensure painless script is working
* Expose CodeBlockPanel component
This separates the current CodeBlock component into two:
* CodeBlock, which simply renders the code view without
padding/margin
* CodeBlockPanel which wraps the CodeBlock in an EUIPanel and allows
overrides
It seems like APM will want to use the former for their integration,
while the latter is currently used internally by Code. It's very simple,
though, and could absolutely be inlined.
* Update demo page to use CodeBlock
This has no styling, and so a header could go right against it, it
could be shown/hidden distinct from the header, etc.
* Export our current integration components from main index
Adds a 'shared' manifest that does all the reaching in; the main one
just re-exports that.
* Move shared exports to the frontend manifest
This was incorrectly placed a level too high, in the plugin itself.
* Rename to better reflect relationship
CodeBlockPanel = EuiPanel + CodeBlock
* Distinguish monaco CSS overrides with page-specific layout
* [Canvas] i18n for all known canvas errors (#46945)
* i18n for all known canvas errors
* Removing error message not seen by users
* Fixing weird merge
If the result contains "ok" or "success", use the same color we use for HTTP 200.
If the result contains "error" or "failure", use the same color we use for HTTP 500.
Fixes#18707
Add service map tabs on the main APM screen and for individual services.
This is not yet hooked up to work with back-end data, so it always shows the same hard-coded graph.
This is experimental, so you must have x-pack.apm.serviceMapEnabled: true in your Kibana config for it to show up.
Also add "PSF" to the list of allowed licenses since a new dependency added uses this license (it's on the [green list](https://github.com/elastic/open-source/blob/master/elastic-product-policy.md#green-list).)
Fixes#44890Fixes#44853
* [APM] Use new platform for toast notifications (#47276)
* [APM] Use new platform for toast notifications
* fix more tests
* remove comment
* [APM] Agent configuration phase 2 (#46995)
* [APM] Agent Config Management Phase 2
* Add status indicator
* Extract TimestampTooltip component
* Remove unused StickyTransactionProperties component
* Fix snapshot and minor cleanup
* Minor cleanup
* Display settings conditionally by agent name
* Fix client
* Format timestamp
* Minor design feedback
* Clear cache when clicking refresh
* Fix test
* Revert t() short hand
* Fix translations
* Add support for “all” option
* Fix API tests
* Move delete button to footer
* Fix snapshots
* Add API tests
* Fix toasts
* Address feedback and ensure order when searching for configs
* Fix snapshots
* Remove timeout
* Extracting HttpStatusBadge component, in order to be used on SpanFlyout
* Changing tab labels to metadata
* Changing tab labels to metadata
* Refactoring section labels
* Refactoring section labels
* Refactoring section labels
* Refactoring http info component
* adding new translation
* Refactoring section
* fixing type check on test
* Using lodash pick to get the correct properties
* [Maps] tooltip custom labels
* add drag handlers for re-ordering tooltip property order
* add trash button to remove property
* add jest tests for AddTooltipFieldPopover
* sort EMS file tooltip properties
* update TooltipSelector jest test
* clean up AddTooltipFieldPopover field sorting
* remove console statements
* add more styles when row is getting dragged
* change reorder aria label
* move css changes into seperate file
* allow adding multiple fields before closing popover
* clear checked state on Add
* update jest snapshots
* use FieldIcon to display field type as icon
* add bottom border to tooltip field
* avoid flash after drag and drop
* Tooltip styles (#32)
* update TooltipSelector snapshot
* replace 24px with
* [Maps] Move sort out of top hits configuration for ES documents source
* add migration script to convert topHitsTimeField to sortField
* update i18n translations
* add jest test for es docs source UpdateSourceEditor component
* remove time configuration from top hits docs
* update migrations integration expect statement
* review feedback
* reverse hits list so top documents by sort are drawn on top
* update functional test expect to account for reversing hits order
* update another functional test expect clause for reversing hits
* Use docLinks service
* Update tests to use docLinks mock service
* Test fixes
* Fixed jest test to work with functional tests
* snaps
* removed clicking on button test - as it actually tests EuiPopover
