* Move to vis_types folder part 2
* fix jest tests
* do some tests
* revert
* Test Tiago's fix
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
# Conflicts:
# .github/CODEOWNERS
### Summary
We are integrating alert search strategy with RBAC on top of alert tables for security solution and o11y.
Co-authored-by: Xavier Mouligneau <189600+XavierM@users.noreply.github.com>
* injects bulkCreate and wrapHits to individual rule executors
* WIP create_security_rule_type_factory based on Marshall's work in #d3076ca54526ea0e61a9a99e1c1bce854806977e
* removes ruleStatusService from old rule executors, fixes executor unit tests
* fixes rebase
* Rename reference_rules to rule_types
* Fix type errors
* Fix type errors in base security rule factory
* Additional improvements to types and interfaces
* More type alignment
* Fix remaining type errors in query rule
* Add validation / inject lists plugin
* Formatting
* Improvements to typing
* Static typing on executors
* cleanup
* Hook up params for query/threshold rules... includes exceptionsList and daterange tuple
* Scaffolding for wrapHits and bulkCreate
* Add error handling / status reporting
* Fixup alert type state
* Begin threshold
* Begin work on threshold state
* Organize rule types
* Export base security rule types
* Fixup lifecycle static typing
* WrapHits / bulk changes
* Field mappings (partial)
* whoops
* Remove redundant params
* More flexible implementation of bulkCreateFactory
* Add mappings
* Finish query rule
* Revert "Remove redundant params"
This reverts commit 87aff9c810.
* Revert "whoops"
This reverts commit a7771bd392.
* Fixup return types
* Use alertWithPersistence
* Fix import
* End-to-end rule mostly working
* Fix bulkCreate
* Bug fixes
* Bug fixes and mapping changes
* Fix indexing
* cleanup
* Fix type errors
* Test fixes
* Fix query tests
* cleanup / rename kibana.rac to kibana
* Remove eql/threshold (for now)
* Move technical fields to package
* Add indexAlias and buildRuleMessageFactory
* imports
* type errors
* Change 'kibana.rac.*' to 'kibana.*'
* Fix lifecycle tests
* Single alert instance
* fix import
* Fix type error
* Fix more type errors
* Fix query rule type test
* revert to previous ts-expect-error
* type errors again
* types / linting
* General readability improvements
* Add invariant function from Dmitrii's branch
* Use invariant and constants
* Improvements to field mappings
* More test failure fixes
* Add refresh param for bulk create
* Update more field refs
* Actually use refresh param
* cleanup
* test fixes
* changes to rule creation script
* Fix created signals count
* Use ruleId
* Updates to bulk indexing
* Mapping updates
* Cannot use 'strict' for dynamic setting
Co-authored-by: Marshall Main <marshall.main@elastic.co>
Co-authored-by: Ece Ozalp <ozale272@newschool.edu>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [Alerting] Renamed Alerting framework AlertsClient to RulesClient according to the new terminology.
* fixed path
* fixed type checks
* fixed type checks
* Clean up public API of cases plugin
1. Don't use export * on index.ts files that define the public API
2. Add comments to the interface so they show up in the API docs
3. Export types that are part of the public API so they show up in the API docs.
4. Fill in information for the up and coming `description` and `owner` items in kibana.json.
* Update returns comments to be more descriptive
* update api docs
* Remove kibana.json attributes, until PR supporting them is merged.
* Change all exports to export type to avoid increasing page bundle size
Co-authored-by: Stacey Gammon <gammon@elastic.co>
* Remove RecursiveReadonly wrapper on public API items
* Remove Pick and export some types that are part of the public API
* Update api docs
* Export API items that are part of the public API
* Add extra comments
* update api docs
Co-authored-by: Stacey Gammon <gammon@elastic.co>
* Add explicit security types
* Remove sessionTimeout, seems unused
* add comments
* Add comments and fix test since removing the unused APIs
* remove unused import
* wording cleanup
* Export some types that are part of the public API but not exported
* more improvements for api docs
* update security docs
* Update x-pack/plugins/security/public/nav_control/nav_control_service.tsx
Co-authored-by: Larry Gregory <lgregorydev@gmail.com>
* Update x-pack/plugins/security/public/nav_control/nav_control_service.tsx
Co-authored-by: Larry Gregory <lgregorydev@gmail.com>
* Update x-pack/plugins/security/public/plugin.tsx
Co-authored-by: Larry Gregory <lgregorydev@gmail.com>
* Update x-pack/plugins/security/public/plugin.tsx
Co-authored-by: Larry Gregory <lgregorydev@gmail.com>
* remove unnecessary readonly prefix
* Update all api docs
Co-authored-by: Larry Gregory <lgregorydev@gmail.com>
# Conflicts:
# api_docs/data.json
# api_docs/data_index_patterns.json
# api_docs/data_search.json
# api_docs/deprecations.mdx
# api_docs/licensing.json
# api_docs/lists.json
# api_docs/triggers_actions_ui.json
# api_docs/usage_collection.json
* Remove custom code, add in a hack
* remove artificial limit
* Fix arrow functions in interfaces not having children
* Update docs
* Update api docs after merge from master
* update api docs after merge from master
* update api docs
# Conflicts:
# api_docs/core.json
# api_docs/data.json
# api_docs/data_index_patterns.json
# api_docs/deprecations.mdx
# api_docs/features.json
# api_docs/licensing.json
# api_docs/reporting.json
# api_docs/spaces.json
## Summary
Phase 1 of a multi-phase cautious approach for adding an experimental application cache for Kibana solutions called `metric_entities` and integrating it within Security Solutions.
Phase 1 is putting experimental support into the application without breaking existing features. Lots of TODO's, conversations and a possible RFC from phase 1 to phase 2 approach. Some features are missing, but for phase 1 the general idea and code is all there.
To enable this first phase after checking out the branch add this to your `kibana.dev.yml`
```yml
xpack.metricsEntities.enabled: true
xpack.securitySolution.enableExperimental: ['metricsEntitiesEnabled']
```
Then go into Stack Management -> Advanced Settings (Under Security Solutions) and set the enabled to true like so:
<img width="1229" alt="Screen Shot 2021-04-08 at 2 21 02 PM" src="https://user-images.githubusercontent.com/1151048/114091276-b3cbb700-9875-11eb-9083-5c1d91dd20ed.png">
Next go to the security_solutions page and you will see it being activated and you will have these transforms running if you look under stack management:
<img width="1710" alt="Screen Shot 2021-04-29 at 2 00 27 PM" src="https://user-images.githubusercontent.com/1151048/116611174-4a2e4e00-a8f3-11eb-9e15-55cb504dfb2a.png">
On the hosts page, network page, etc., you can see them being activated when you have no query/filter and you click on request:
<img width="1405" alt="Screen Shot 2021-04-29 at 2 01 28 PM" src="https://user-images.githubusercontent.com/1151048/116611274-6a5e0d00-a8f3-11eb-9998-9f5b3d1c5c63.png">
You will see in the request the index patterns all starting with `estc_xyz*`
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)
We have lots of TODO's but no concrete docs with this just yet.
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
Behind a feature flag and this isn't there yet.
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Co-authored-by: Frank Hassanabad <frank.hassanabad@elastic.co>
* show operator dropdown for path field
refs elastic/security-team/issues/543
* update translation to use consistent values
refs elastic/security-team/issues/543
* update schema to validate path values
refs elastic/security-team/issues/543
* add tests for field and operator values
refs elastic/security-team/issues/543
* review changes
refs elastic/security-team/issues/543
* update schema to enforce dropdown validation for PATH field
refs elastic/security-team/issues/543
* add tests for schema updates
refs 1deab39453
refs elastic/security-team/issues/543
* optimise dropdown list for re-renders
refs elastic/security-team/issues/543
* align input fields and keep alignments when resized
refs elastic/security-team/issues/543
* correctly enter operator data on trusted app CRUD
refs elastic/security-team/issues/543
* update tests
refs 2ac56ee839
refs elastic/security-team/issues/543
* remove redundant code
review changes
* better type assertion
review changes
* move operator options out of component
- these do not depend on component props and thus no need to have it within a useMemo callback.
- review changes
* derive keys from operator entry field
review changes
* update type
* use custom styles for aligning input fields
review changes
* add a custom type for trusted_apps operator
undo changes from list plugin and server/lib/detection_engine
refs 2ac56ee839
refs elastic/security-team/issues/543
* add wildcard entry type
refs elastic/security-team/issues/543
refs https://github.com/elastic/kibana/pull/97623#pullrequestreview-642618462
* use the new entry type
refs elastic/security-team/issues/543
refs https://github.com/elastic/kibana/pull/97623#pullrequestreview-642618462
* update tests
refs elastic/security-team/issues/543
refs https://github.com/elastic/kibana/pull/97623#pullrequestreview-642618462
* update name for wildcard type so that it can be used also for cased inputs
refs elastic/security-team/issues/543
refs f9cb7eddda
* update artifacts to support wildcard entries
refs elastic/security-team/issues/543
* add tests for list schemas
refs f9cb7eddda
refs elastic/security-team/issues/543
* add placeholders for path values
review changes
elastic/kibana/pull/97623#discussion_r620617999
* ignore type check for now
* add type assertion
refs 284352ec9a
* remove unnecessary test
refs 2ac56ee839
* fix types
refs f9cb7eddda
refs b3f5dc4553
* add a note to entries
review changes
refs dbd3532149
* remove redundant type assertions
review changes
refs bcf615ac98
refs b3f5dc4553
* move placeholder text logic to utils
review changes elastic/kibana/pull/97623#discussion_r621673881
refs 6f2d0d7810
* pass the style as prop
review changes
* update api doc
CI check suggestion
* make placeholderText a function expression
review suggestion
elastic/kibana/pull/97623/commits/2dc4fd390cf5ea0e4fa67b3f5fc2561cbb29555e
* use semantic names for functions
refs 330731ebfc
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
# Conflicts:
# api_docs/security_solution.json