* chore(NA): async import on infra plugin in order to avoid infra plugin on apm
* chore(NA): add async import into infra plugin to reduce apm bundle size
* docs(NA): including small note
* fix(NA): pass pluginsSetup as an argument
* chore(NA): fix missing type
* chore(NA): split register in two functions
* chore(NA): only register once
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
* Adds large list support using REST endpoints.
Status:
---
* Currently ready to be merged behind the feature flag of it being disabled with ongoing work happening after it is merged.
* REST Endpoints shouldn't have large refactoring at this point
* Team meeting occurred where the pieces were discussed in person.
What is left?
---
- [ ] Add other data types. At the moment `ip` and `keyword` are the two types of lists. See: https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-types.html
- [x] Unit tests
- [x] Lots of misc TODO's in the code base still
- [ ] Import loads everything into memory first when it should attempt streaming
- [ ] Add end to end backend tests
- [x] Add transform and io-ts validation for returns
Testing
---
Ensure you set this in your ENV before starting Kibana:
```ts
export ELASTIC_XPACK_SIEM_LISTS_FEATURE=true
```
Download or create a large list file such as this one filled with IP's:
https://cinsscore.com/list/ci-badguys.txt
Go to your REST endpoint folder of scripts:
```ts
cd kibana/x-pack/plugins/lists/server/scripts
```
Do a hard reset:
```ts
./hard_reset
```
Then import it as either a data type of `ip`:
```ts
./import_list_items_by_filename.sh ip ~/Downloads/ci-badguys-smaller.txt
```
Or as a `keyword`
```ts
./import_list_items_by_filename.sh keyword ~/Downloads/ci-badguys-smaller.txt
```
Then you can export it through:
```ts
./export_list_items.sh ci-badgusy-smaller.txt
```
For all the other endpoints and testing of the CRUD operations you have access to:
```ts
delete_all_lists.sh
delete_list.sh
delete_list_index.sh
delete_list_item.sh
delete_list_item_by_id.sh
delete_list_item_by_value.sh
export_list_items.sh
export_list_items_to_file.sh
get_list.sh
get_list_item_by_id.sh
get_list_item_by_value.sh
import_list_items.sh
import_list_items_by_filename.sh
lists_index_exists.sh
patch_list.sh
patch_list_item.sh
post_list.sh
post_list_index.sh
post_list_item.sh
```
### Checklist
Delete any items that are not applicable to this PR.
- [ ] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
resolves https://github.com/elastic/kibana/issues/64275
Changes the fields used to query the event log by time range to use the
`@timestamp` field.
Also allow `@timestamp` as a sort option, and make it the default sort option.
Reorganizing, renaming, and generally cleaning up common code in Endpoint.
* Cleaning up `common/types`
* Renaming things
* Adding comments
* Removing `export` when it's not needed
* [Metrics UI] Fixes for editing alerts in alert management
* Change EuiFieldSearch to use onChange instead of onSearch
* Fixing groupBy
* Fixing the correct groupBy
* Fix Datasource API calls to use correct object type in kuery
* Fix policy details showing toaster multiple times
* Fix taking last url param value (instead of first)
* fix: 🐛 subsribe to "abort" event in abort controller
* test: 💍 add test for execution cancellation after completion
* feat: 🎸 use a more meaningful sentinel
* refactor: 💡 use toPromise() from data plugin
* chore: 🤖 disable most new tests
* test: 💍 remove fake timers from abort tests
* test: 💍 remove new tests completely
There seems to be some async race condition in Jest test runner not
related to this PR, but for some reason Jest fails. Removing these tests
temporarily to check if this file cases Jest to fail.
* chore: 🤖 try adding .catch clause to abortion promise
* chore: 🤖 revert tests back and add .catch() comment
* Install prebuilt index templates as v2
* Correctly handle pre-build v1 index templates
* Generate index templates v2 during package install
* Update unit tests for index template v2
* Fix imports.
* Fix types.
* Use index template v2 API for template deletion
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
resolves https://github.com/elastic/kibana/issues/61891
Adds a relatively new ECS field `event.outcome`. Value of `success`, `failure`,
or `unknown`. This is nice, as the only way we have currently of determining an
error for an alert or action execution in the log is the existence of an
`error.message` field. It is added to to the documents for those events.
see: https://www.elastic.co/guide/en/ecs/current/ecs-event.html
* Move SIEM public/ folder to NP plugin
This is solely renames; fixes come next.
* Update relative imports in our API tests
* Fix linter errors following move to NP folder
These paths got a little shorter, so some lines could be collapsed.
* Move client dependencies to NP package.json
I'm removing the @types/js-yaml for now because I'm not sure we need it;
I'll add it back later if we do.
* Fix relative imports to other plugins
* Fix errant uses of ui/chrome
* Remove legacy plugin shim
* Move feature registration into plugin
This previously had to be part of legacy bootstrapping due to an order
of operations issue.
* Disconnect legacy plugin
The index file should now be redundant with what's in the plugin:
* app registration
* feature registration
* Move public gitattributes
* Remove references to legacy embeddables
We can now use the NP API. Maps embeddable will not work here until
their work is merged, but this should prevent us from importing legacy
code and thus breaking the build.
* Add our frontend dependencies to kibana.json
These are all required for now, because that's how they're typed. If
they _should_ be optional (and I think several should), we need to
update the type and handle the null case within the app.
* Replace use of ui/new_platform mocks in embeddable utils
* Fix remaining jest tests
* Replace build-breaking ui/new_platform mocks with equivalents in core
proper
* Remove unnecessary mocks of ui/new_platform
* Remove references to legacy SIEM folder
* I left the reference in CODEOWNERS in case someone tries to sneak
something back
* I left the .gitignore reference for the same reason
* Fix mocks of relative paths
These were not caught by typescript and were causing test failures.
* Export our client plugin contracts
They're empty for now.
* Move from deprecated appmount API
The new one dropped a param we weren't using.
* Add missing mock causing test failures
* Don't re-export core types from our plugin
Import them from core where we need them, instead
* Move Actions UI registry outside of mount
This is already imported, there's no benefit (and potential timing
issues) with doing this inside the mount.
* Add security's setup contract to our StartServices
This doesn't change what's used, only how we're typing it. The types are now a
little more truthful as:
* our StartPlugins don't include setup contracts
* our StartServices includes everything we use at Start time, including
the one setup plugin.
* Add order and icon back to the sidebar link
* Replace plugin class properties with constants
These are shared, and should be consistent.
* Enable our UI on NP
* Add missed plugin dependencies
We're not using their contracts, but we are importing code from them.
* Revert use of constant in translation
Can't do that, whoops
* i18n our feature catalogue entry
* Remove unnecessary array from single element
* Remove unused keys
These were the legacy translations used... well, I don't know where they
were used.
* Ignore circular dependencies in external plugins
* Normalize exclusions
* Add undeclared dependencies to kibana.json
We import our maps embeddable from maps, and we pass inspector to the
embeddable. I just missed these in my audit. This was causing errors in
the map embeddable.
* Await our call to setLayerList
This is an async call that we need to complete before we can render.
* Reduce siem plugin size
When we load our initial plugin (before our app is loaded), were were
implicitly importing all of kibana_react with this import. While a
global module prevents this from affecting our bundle size currently,
that could change in the future. Since we only need a reference to our
class, we just import that instead.
* show host status on list
* Adjust type for HostStatus-to-HealthColor
* Fixed unit tests
* Tests
* removed unused translation keys
* clarify test case description
* remove `ts-ignore`
These are most analagous to alerting params, which use the same terminal
mapping.
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* [Reporting] Additional status by app data for usage
* --wip-- [skip ci]
* clean up types
* add a prettier-ignore
* fix types
* --wip-- [skip ci]
* fix typo
* more tests
* Tweak the data model
* fix the comments and type keys to reflect the data model
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
