Add user permission check to CreateFieldButton
Refetch data after creating field
Add global styles to make Overlay z-index higher than timeline z-index
Fix create runtime field loading state
Update alert table columns after adding a new runtime field
Updated documentation of 'overlays.openFlyout' public API
Add cypress test
Add CreateField button unit test
* use a feature flag to use the new pending actions logic
refs elastic/kibana/issues/116715
* switch off pending actions for endpoints when feature flag is disabled
review suggestions
* update/add tests to use FF
* correctly override the FF
`parseExperimentalConfigValue` method sets feature flag key values to `true` if passed as arg
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Fix add to case functionality
* Use appropriate owner when attaching an alert to a case
* Use field name constants
* Gotta reskip the test
* Better error handling
* Fix type errors
* Fix tests
* waits for the page to be loaded before continuing with the actions
* changes the order of the wait
* unskip data provider test
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Add column-gap to HeaderSectionComponent
* Please code review by using gutterSize instead of flex column-gap
* Add eui-textBreakNormal to header_section title
It makes sure that words in the title don't break into a new line
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Fix error when searchin with special characters in policies filter
* remove unused brackets
* Refactor test uses userEvent instead of fireEvent to supress act() usage
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* New DescriptionField component for artifact cards
* Use new DescriptionField in ArtifactCardEntry
* Added `eui-textBreakWord` class name to TextValueDisplay component in artifact cards
* Use `DescriptionField` in `CardCompressedHeader`
* Fix i18n of Description label on minified card
* Use DescriptionField in ArtifactEntryMinified
**Ticket:** https://github.com/elastic/kibana/issues/106469, https://github.com/elastic/kibana/issues/101013
## Summary
TL;DR: New internal endpoint for reading data from Event Log (raw version), legacy status SO under the hood.
With this PR we now read the Failure History (last 5 failures) on the Rule Details page from Event Log. We continue getting the Current Status from the legacy `siem-detection-engine-rule-status` saved objects. Rule Management page also gets data from the legacy saved objects.
- [x] Deprecate existing methods for reading data in `IRuleExecutionLogClient`: `.find()` and `.findBulk()`
- [x] Introduce new methods for reading data in IRuleExecutionLogClient:
- for reading last N execution events for 1 rule from event log
- for reading current status and metrics for 1 rule from legacy status SOs
- for reading current statuses and metrics for N rules from legacy status SOs
- [x] New methods should return data in the legacy status SO format.
- [x] Update all the existing endpoints that depend on `IRuleExecutionLogClient` to use the new methods.
- [x] Implement a new internal endpoint for fetching current status of the rule execution and execution events from Event Log for a given rule.
- [x] The API of the new endpoint should be the same as `rules/_find_statuses` to minimise changes in the app.
- [x] Use the new endpoint on the Rule Details page.
## Near-term plan for technical implementation of the Rule Execution Log (https://github.com/elastic/kibana/issues/101013)
**Stage 1. Reading last 5 failures from Event Log v1 - raw implementation** - ✔️ done in this PR
TL;DR: New internal endpoint for reading data from Event Log (raw version), legacy status SO under the hood.
- Deprecate existing methods for reading data in `IRuleExecutionLogClient`: `.find()` and `.findBulk()`
- Introduce new methods for reading data in IRuleExecutionLogClient:
- for reading last N execution events for 1 rule from event log
- for reading current status and metrics for 1 rule from legacy status SOs
- for reading current statuses and metrics for N rules from legacy status SOs
- New methods should return data in the legacy status SO format.
- Update all the existing endpoints that depend on `IRuleExecutionLogClient` to use the new methods.
- Implement a new internal endpoint for fetching current status of the rule execution and execution events from Event Log for a given rule.
- The API of the new endpoint should be the same as `rules/_find_statuses` to minimise changes in the app.
- Use the new endpoint on the Rule Details page.
**Stage 2: Reading last 5 failures from Event Log v2 - clean implementation**
TL;DR: Clean HTTP API, legacy Rule Status SO under the hood.
🚨🚨🚨 Possible breaking changes in Detections API 🚨🚨🚨
- Design a new data model for the Current Rule Execution Info (the TO-BE new SO type and later the TO-BE data in the rule object itself).
- Design a new data model for the Rule Execution Event (read model to be used on the Rule Details page)
- Think over changes in `IRuleExecutionLogClient` to support the new data model.
- Think over changes in all the endpoints that return any data related to rule monitoring (statuses, metrics, etc). Make sure to check our docs to identify what's documented there regarding rule monitoring.
- Update `IRuleExecutionLogClient` to return data in the new format.
- Update all the endpoints (including the raw new one) to return data in the new format.
- Update Rule Details page to consume data in the new format.
- Update Rule Management page to consume data in the new format.
**Stage 3: Reading last 5 failures from Event Log v3 - new SO**
TL;DR: Clean HTTP API, new Rule Execution Info SO under the hood.
- Implement a new SO type for storing the current rule execution info. Relation type: 1 rule - 1 current execution info.
- Swap the legacy SO with the new SO in the implementation of `IRuleExecutionLogClient`.
**Stage 4: Cleanup and misc**
- Revisit the problem of deterministic ordering ([comment](https://github.com/elastic/kibana/pull/115574#discussion_r735803087))
- Remove rule execution log's glue code: adapters, feature switch.
- Remove the legacy rule status SO.
- Mark the legacy rule status SO as deleted in Kibana Core.
- Encapsulate the current space id in the instance of IRuleExecutionLogClient. Remove it from parameters of its methods.
- Introduce a Rule Execution Logger scoped to a rule instance. For use in rule executors.
- Add test coverage.
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* add tests for pending status api changes
related to elastic/kibana/pull/115441
refs elastic/security-team/issues/1705
* update mock
refs elastic/kibana/pull/116214
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* WIP - need to figure out how to delete old siem-detection action SO's after each test
* WIP - adds some fixes for the update rules utility that differ from patch rules utility
* fix type checks
* cleanup
* remove commented out code
* rename const to use capital snake case
* naming integration tests, adds expect for disabled rules that get migrated, adds expect for pre-migrated rules
## Summary
Removes isUuid and tests as they're not used anymore
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* Use useEndpointPrivileges instead of checking the license directly
* Use the correct privilege key
* rename variable
* Skips flaky test
* Remove skip
* Remove extra dependency
* Add back entries check
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Send Endpoint Alert _id field up as insights docs track that on status changes
* Added test to make sure top-level underscore-prefixed fields are allowed
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Changes detections log level from info to debug within the detection engine. Users have been complaining about their log files filling up in excessive size from when they have noisy rules or if they have a large amount of rules enabled.
* Add support for actions on kibana.* fields and legacy signal.* fields
* Improve types and add scheduleNotificationActions test
* Unnecessary cast
* Was accidentally returning all alerts in map, instead of single alert
* Cleanup
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Only apply field aliases to legacy .siem-signals indices
* Fix unit test mocks
* Add new function for special index existence check
* Actually add new function for special index existence check
* Undo getIndexVersion change
* Add basic integration tests for field alias logic
* Add back create_index to test list
* Add missing markdown to readme
* Revert change to delete_index_route
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
