## Summary
Fixes a regression with immutable caused by:
https://github.com/elastic/kibana/pull/55004
* Updated types of Prepackaged
* Updated unit tests
* Fixed unit test for it
Testing:
```
./post_rule.sh
{
  "created_at": "2020-01-17T19:11:31.813Z",
  "updated_at": "2020-01-17T19:11:31.813Z",
  "created_by": "elastic_kibana",
  "description": "Query with a rule_id that acts like an external id",
  "enabled": true,
  "false_positives": [],
  "from": "now-6m",
  "id": "41ef6309-ef98-4c9f-8d2d-90a070361fb7",
  "immutable": false,
  "interval": "5m",
  "rule_id": "query-rule-id",
  "language": "kuery",
  "output_index": ".siem-signals-frank-hassanabad-default",
  "max_signals": 100,
  "risk_score": 1,
  "name": "Query with a rule id",
  "query": "user.name: root or user.name: admin",
  "references": [],
  "severity": "high",
  "updated_by": "elastic_kibana",
  "tags": [],
  "to": "now",
  "type": "query",
  "threats": [],
  "version": 1
}
```
Then get the saved object using whatever id comes back from above. In this example it is 41ef6309-ef98-4c9f-8d2d-90a070361fb7; yours will be different.
```
./get_saved_objects.sh alert 41ef6309-ef98-4c9f-8d2d-90a070361fb7
{
  "id": "41ef6309-ef98-4c9f-8d2d-90a070361fb7",
  "type": "alert",
  "updated_at": "2020-01-17T19:11:32.844Z",
  "version": "WzY5NTQsMV0=",
  "attributes": {
    "name": "Query with a rule id",
    "tags": [
      "__internal_rule_id:query-rule-id",
      "__internal_immutable:false"
    ],
    "alertTypeId": "siem.signals",
    "consumer": "siem",
    "params": {
      "createdAt": "2020-01-17T19:11:31.813Z",
      "description": "Query with a rule_id that acts like an external id",
      "ruleId": "query-rule-id",
      "index": null,
      "falsePositives": [],
      "from": "now-6m",
      "immutable": false,
      "query": "user.name: root or user.name: admin",
      "language": "kuery",
      "outputIndex": ".siem-signals-frank-hassanabad-default",
      "savedId": null,
      "timelineId": null,
      "timelineTitle": null,
      "meta": null,
      "filters": null,
      "maxSignals": 100,
      "riskScore": 1,
      "severity": "high",
      "threats": [],
      "to": "now",
      "type": "query",
      "updatedAt": "2020-01-17T19:11:31.813Z",
      "references": [],
      "version": 1
    },
    "schedule": {
      "interval": "5m"
    },
    "enabled": true,
    "actions": [],
    "throttle": null,
    "apiKeyOwner": "elastic_kibana",
    "createdBy": "elastic_kibana",
    "updatedBy": "elastic_kibana",
    "createdAt": "2020-01-17T19:11:32.245Z",
    "muteAll": false,
    "mutedInstanceIds": [],
    "scheduledTaskId": "2c5cc340-395d-11ea-9276-d3c1c264ca9a"
  },
  "references": []
}
```
Ensure you have the internal immutable tag "__internal_immutable:false" in your tags.
The next test is to do a find filter of non-packaged rules:
```
./find_rule_by_filter.sh "alert.attributes.tags:%20%22__internal_immutable:false%22"
```
You should get back the above rule and any others you created.
### Checklist
Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR.
~~- [ ] This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~~
~~- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~~
~~- [ ] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~~
- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
~~- [ ] This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~~
### For maintainers
~~- [ ] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~~
- [x] This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
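The manual check in the testing notes above (confirm the saved object carries `__internal_immutable:false`, then find it through the tag filter) can be scripted. The following is an added example, not code from this PR or from Kibana: it parses the `__internal_*` tags of a saved object, reports when they drift from `params.immutable` / `params.ruleId` (the kind of mismatch the regression produced), and builds the URL-encoded filter string passed to `find_rule_by_filter.sh`. The sample saved object is a constructed, trimmed copy of the one printed above; the helper and function names are this example's own.

```python
"""Consistency check for a SIEM detection-rule saved object (added example).

Not Kibana code. It reproduces two manual steps from the PR's testing notes:
verify that the saved object's internal tags agree with its rule params, and
build the URL-encoded filter used with find_rule_by_filter.sh.
"""
import copy
from urllib.parse import quote

INTERNAL_PREFIX = "__internal_"

# Constructed sample, trimmed to the fields the check needs. Values mirror the
# saved object printed in the PR description.
SAMPLE_SAVED_OBJECT = {
    "id": "41ef6309-ef98-4c9f-8d2d-90a070361fb7",
    "type": "alert",
    "attributes": {
        "name": "Query with a rule id",
        "tags": ["__internal_rule_id:query-rule-id", "__internal_immutable:false"],
        "alertTypeId": "siem.signals",
        "params": {"ruleId": "query-rule-id", "immutable": False, "type": "query"},
    },
}


def parse_internal_tags(tags):
    """Return {key: value} for every '__internal_<key>:<value>' tag.

    Ordinary user tags are ignored; an internal tag without ':' is skipped
    rather than raising, so one malformed tag cannot break the whole check.
    """
    parsed = {}
    for tag in tags:
        if not tag.startswith(INTERNAL_PREFIX):
            continue
        key, sep, value = tag[len(INTERNAL_PREFIX):].partition(":")
        if sep:
            parsed[key] = value
    return parsed


def check_rule_consistency(saved_object):
    """Return a list of mismatch descriptions; an empty list means consistent.

    The find filter relies on the immutable tag, so it must agree with
    params.immutable; likewise the rule_id tag must agree with params.ruleId.
    """
    attributes = saved_object["attributes"]
    params = attributes["params"]
    tags = parse_internal_tags(attributes.get("tags", []))
    problems = []

    expected_immutable = "true" if params.get("immutable") else "false"
    if tags.get("immutable") != expected_immutable:
        problems.append(
            f"immutable tag is {tags.get('immutable')!r}, "
            f"params.immutable implies {expected_immutable!r}"
        )
    if tags.get("rule_id") != params.get("ruleId"):
        problems.append(
            f"rule_id tag is {tags.get('rule_id')!r}, "
            f"params.ruleId is {params.get('ruleId')!r}"
        )
    return problems


def immutable_filter(immutable):
    """Build the URL-encoded KQL filter used with find_rule_by_filter.sh."""
    value = "true" if immutable else "false"
    # ':' stays literal; the space and the quotes become %20 and %22.
    return quote(f'alert.attributes.tags: "{INTERNAL_PREFIX}immutable:{value}"', safe=":")


def with_immutable_param(saved_object, immutable):
    """Deep copy of saved_object with params.immutable replaced (to show drift)."""
    clone = copy.deepcopy(saved_object)
    clone["attributes"]["params"]["immutable"] = immutable
    return clone


if __name__ == "__main__":
    print("consistent:", check_rule_consistency(SAMPLE_SAVED_OBJECT) == [])
    print("filter:", immutable_filter(False))
    print("drifted:", check_rule_consistency(with_immutable_param(SAMPLE_SAVED_OBJECT, True)))
```

Feed it the JSON returned by `get_saved_objects.sh` for each rule you created; an empty problem list plus a filter that matches the one shown above is the expected result after this fix.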
* Use our internal uiSettings mock in all context mocks
We were previously only using our internal uiSettings mock (which
returns real values) in our TestProviders component, as
all tests either needed:
* specific mocks, in which case we'd call jest.mock() ourselves
* broad mocks, for which platform's kibana_react mocks were usually
sufficient
However, a recent addition in the Timeline component added a usage of
uiSettings that could not use the default mock.
With this change, one can either jest.mock('lib/kibana') or use the
TestProviders wrapper to get real values for UI settings in test.
* Remove production code guarding against tests
This coalescence was due to the service not being properly mocked in
test, which is now fixed.
* WIP Fixing map tiles and such
* Small comment and importing map from lodash
* Better destructuring and comments
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* EUIficate the sidebar
* Create a state reducer and a state context
* Create an editor context and actions
* Improve types
* Apply aggs reordering
* Fix functionality
* Improve types
* Fix sub_agg changes
* Remove legacy dependencies
* Watch dirty state
* Fix dirty state changes
* Update actions and reducers
* Handle keyboard submit
* Apply editor form validation
* Remove fancy forms
* Update validation
* Use embeddable instead of visualize loader
* Add auto apply behavior
* Remove legacy styles
* Remove the sidebar
* Restrict responsive to the bottom_bar
* Upgrade @elastic/eui to v14.10.0
* Replace EuiBottomBar with EuiControlBar
* Get rid of mutations in control vis
* Revert "Upgrade @elastic/eui to v14.10.0"
This reverts commit 2cd86c51d2.
* Replace bottom bar with a control panel for sidebar
* Replace selectors
* Use editor resizer
* Apply selectors
* Change selectors
* Fix sub agg change values
* Add collapse button
* Fix tests
* Get rid of editor editor_state_context, simplify the code
* Fix jest tests, update snapshots
* Fix types
* Moving collapse button to right of index pattern
* Tweaks bottom buttons
* Moved Vega buttons so they don’t scroll away
* Fix responsiveness
* Resolve UI comments
* Fix console resizer
* Update dev docs
* Bail out of additional render in metrics and axes
* Apply performance optimizations for metrics and axis panel
* Remove unused translations
* Use debounce when autoapply enabled
Co-authored-by: Caroline Horn <549577+cchaos@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* simplify serverfacade definition
* simplify requestfacade definition
* use the shim
* makeRequestFacade
* requestFacade
* import sorting
* originalServer
* reduce loc change
* remove consolelog
* hacks to fix tests
* ServerFacade in index
* Cosmetic
* remove field from serverfacade
* add raw to the request
* fix types
* add fieldFormatServiceFactory to legacy
* Pass the complete request object to sec plugin
* Fix test
* fix test 2
* getUser takes a legacy request
* add unit test for new lib
* add getRawRequest to pass to saved objects method
* update test snapshot
* leave a TODO comment for type import
* variable rename for legacy id
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Removed flex group because it's causing alignment issues on IE. Verified and tested on all 3 browsers.
* Restored <EuiFlexItem> but added grow=false to properly align icons.
* filter out docs with no prediction data from results table
* ensure bool.must exists in the cloned searchQuery
* create must in bool query if not present
Add Storybook with help from changes in #43529.
We still need to do some work around having mocks for hooks and HTTP requests but the basics are there.
As of Elasticsearch 8.0.0 it will no longer be possible to use the _id field on documents.
This PR removes the usage that Task Manager makes of this field and switches to pinned queries to achieve a similar effect.
* groups test by context
* renames 'openHostsAndStatsTables' to 'openStatsAndTables'
* replaces map method for forEach
* adds timeout for modal-inspect-close
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* shim of kbn_vislib_vis_types (now vis_type_vislib)
* Move vislib into vis_type_vislib plugin
* Convert remaining plugin files to typescript
* Rename vis to vis_type_vislib
## [SIEM] Overview Page "1.5"
A redesigned SIEM Overview page that includes `Recent timelines`, a `Security news` feed, visualizations, and rolled-up event counts
![overview-day](https://user-images.githubusercontent.com/4459398/72396016-90f53600-36f8-11ea-9b41-6d54d09de589.png)
![overview-night](https://user-images.githubusercontent.com/4459398/72394575-fb57a780-36f3-11ea-868e-8fcd2c5c4543.png)
### Overview enhancements
- Added the global Search bar and Date picker to the Overview page
- New `Recent timelines` widget affords quick access to favorite and recently modified timelines
- New `Security news` widget
- New Kibana advanced settings (toggle switch) for enabling or disabling the news widget and configuring the news URL
![news-settings](https://user-images.githubusercontent.com/4459398/72362776-fd4c4700-36b0-11ea-805b-3c7353f2c1cd.png)
- New `Events count by dataset` widget
- Updated the `Host Events` and `Network Events` widgets to integrate with the Search bar and date picker input
- Enhanced the `Host Events` and `Network Events` widgets to use an accordion paradigm that summarizes stats by source (e.g. `Auditbeat`, `Endgame`)
- Enhanced the `Host Events` and `Network Events` widgets to visualize relative percentages of events collected as progress bars
- New `Alerts count by category` widget
- New `Signals count by MITRE ATT&CK™ category` widget
- New `View events`, `View alerts`, and `View signals` navigation buttons for their respective visualizations
### FTUE enhancements
- FTUE "no data" view design refresh
![ftue](https://user-images.githubusercontent.com/4459398/72361771-43a0a680-36af-11ea-969f-5872ac4a01a1.png)
- When the FTUE "no data" page is displayed, hide all global navigation links (i.e. `Hosts`, `Network`, `Detection engine`), such that only `Overview` appears in the global nav
- App Help popover design refresh
![help](https://user-images.githubusercontent.com/4459398/72362132-d80b0900-36af-11ea-9b58-1fd3b923b7c8.png)
- Removed the `Beta` badge and `Security Information & Event Management with the Elastic Stack` from the Overview header
- Tested in Chrome `79.0.3945.117`, Firefox `72.0.1`, and Safari `13.0.4`
## Known issues
- The `siem:newsFeedUrl` advanced setting is defaulted to `https://feeds.elastic.co/kibana`
- The `Signals count by MITRE ATT&CK™ category` visualization does not display all categories
- The `Signals count by MITRE ATT&CK™ category` visualization may require a different index pattern
- `EuiButtonGroup` throwing a `Can't perform a React state update on an unmounted component` warning when switching from the Overview tab
https://github.com/elastic/siem-team/issues/484
* remove batch action on signals
* fix callback dependency bug
* open timeline in signals table + add a way to pick between signal and raw events in timeline
* add status on all rules
* fix i18n
* review I
* fix test
Resolver is a map. It shows processes that ran on a computer. The processes are drawn as nodes and lines connect processes with their parents.
Resolver is not yet implemented in Kibana. This PR adds a 'map' type UX. The user can click and drag to pan the map and zoom using trackpad pinching (or ctrl and mousewheel).
There is no code providing actual data. Sample data is included. The sample data is used to draw a map. The fundamental info needed is:
- process names
- the parent of a process
With this info we can topologically lay out the processes. The sample data isn't yet in a realistic format. We'll be fixing that soon.
Related issue: elastic/endpoint-app-team#30
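The layout step the description refers to (placing processes by their parent links) as an added, stand-alone example; this is not Resolver code and the record format is a construction for this example, since the PR says its own sample format is not final. It assigns each process a depth (row) and a column with a breadth-first walk from the roots, treats a process whose parent was never observed as a root rather than dropping it, places any processes unreachable from a root (for instance a parent cycle in bad data) on a final row, and reconstructs a process's lineage by name. The function and variable names are this example's own.

```python
"""Topological layout of a process tree (added example, not Resolver code).

Processes are nodes; each is linked to its parent. From process names and
parent links this assigns every process a (depth, column) a renderer could
use, and reconstructs a process's lineage for display.
"""
from collections import defaultdict

# Constructed sample: (unique process id, parent id or None, process name).
SAMPLE_PROCESSES = [
    ("p1", None, "init"),
    ("p2", "p1", "sshd"),
    ("p3", "p2", "bash"),
    ("p4", "p3", "curl"),
    ("p5", "p1", "cron"),
    ("p6", "p-missing", "orphan-child"),  # parent never observed
]


def build_children_index(processes):
    """Map parent id -> list of child ids, preserving input order."""
    children = defaultdict(list)
    for pid, ppid, _name in processes:
        children[ppid].append(pid)
    return children


def layout_processes(processes):
    """Return {pid: (depth, column)} via a breadth-first walk from the roots.

    Roots are processes with no parent, or whose parent is not in the data set
    (e.g. the parent exited before collection started); they sit at depth 0.
    Processes never reached from a root (cyclic parent links in bad data) are
    placed on one final row so nothing is silently dropped.
    """
    known = {pid for pid, _ppid, _name in processes}
    children = build_children_index(processes)
    roots = [pid for pid, ppid, _name in processes if ppid is None or ppid not in known]

    placement = {}
    frontier = roots
    depth = 0
    while frontier:
        for column, pid in enumerate(frontier):
            placement[pid] = (depth, column)
        # 'not in placement' also stops a walk from looping on cyclic data.
        frontier = [child for pid in frontier for child in children[pid] if child not in placement]
        depth += 1

    leftovers = [pid for pid, _ppid, _name in processes if pid not in placement]
    for column, pid in enumerate(leftovers):
        placement[pid] = (depth, column)
    return placement


def lineage(processes, pid):
    """Return process names from the outermost known ancestor down to pid."""
    by_id = {p: (ppid, name) for p, ppid, name in processes}
    names = []
    seen = set()
    while pid in by_id and pid not in seen:
        seen.add(pid)
        ppid, name = by_id[pid]
        names.append(name)
        pid = ppid
    return list(reversed(names))


if __name__ == "__main__":
    for pid, (depth, column) in sorted(layout_processes(SAMPLE_PROCESSES).items()):
        print(f"{pid}: row {depth}, column {column}")
    print(" > ".join(lineage(SAMPLE_PROCESSES, "p4")))
```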
* Upgraded EUI to 18.0.0
* Fix breaks from `palette._.colors` changes
* snapshots
* Updated hard coded hex color codes in tests, fixed TS errors
* Updated a functional test's selector; added (BSD-3-Clause AND Apache-2.0) to license checker whitelist
* Functional test selector update
* Updated vega browser-ci tests for palette changes
* rebased on master
* One more location for EUI package number update and yarn lock
* Fixed lurking [but introduced] TypeScript logic bug
* Swap a prop definition for the same value but tied closer to its source
Co-authored-by: Caroline Horn <549577+cchaos@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>