* EUIficate the sidebar
* Create a state reducer and a state context
* Create an editor context and actions
* Improve types
* Apply aggs reordering
* Fix functionality
* Improve types
* Fix sub_agg changes
* Remove legacy dependencies
* Watch dirty state
* Fix dirty state changes
* Update actions and reducers
* Handle keyboard submit
* Apply editor form validation
* Remove fancy forms
* Update validation
* Use embeddable instead of visualize loader
* Add auto apply behavior
* Remove legacy styles
* Remove the sidebar
* Restrict responsive to the bottom_bar
* Upgrade @elastic/eui to v14.10.0
* Replace EuiBottomBar with EuiControlBar
* Get rid of mutations in control vis
* Revert "Upgrade @elastic/eui to v14.10.0"
This reverts commit 2cd86c51d2.
* Replace bottom bar with a control panel for sidebar
* Replace selectors
* Use editor resizer
* Apply selectors
* Change selectors
* Fix sub agg change values
* Add collapse button
* Fix tests
* Get rid of editor editor_state_context, simplify the code
* Fix jest tests, update snapshots
* Fix types
* Moving collapse button to right of index pattern
* Tweaks bottom buttons
* Moved Vega buttons so they don’t scroll away
* Fix responsiveness
* Resolve UI comments
* Fix console resizer
* Update dev docs
* Bail out of additional render in metrics and axes
* Apply performance optimizations for metrics and axis panel
* Remove unused translations
* Use debounce when autoapply enabled
Co-authored-by: Caroline Horn <549577+cchaos@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* simplify serverfacade definition
* simplify requestfacade definition
* use the shim
* makeRequestFacade
* requestFacade
* import sorting
* originalServer
* reduce loc change
* remove consolelog
* hacks to fix tests
* ServerFacade in index
* Cosmetic
* remove field from serverfacade
* add raw to the request
* fix types
* add fieldFormatServiceFactory to legacy
* Pass the complete request object to sec plugin
* Fix test
* fix test 2
* getUser takes a legacy request
* add unit test for new lib
* add getRawRequest to pass to saved objects method
* update test snapshot
* leave a TODO comment for type import
* variable rename for legacy id
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Removed flex group because it's causing alignment issues on IE. Verified and tested on all 3 browsers.
* Restored <EuiFlexItem> but added grow=false to properly align icons.
* filter out docs with no prediction data from results table
* ensure bool.must exists in the cloned searchQuery
* create must in bool query if not present
Add Storybook with help from changes in #43529.
We still need to do some work around having mocks for hooks and HTTP requests but the basics are there.
As of Elasticsearch 8.0.0 it will no longer be possible to use the _id field on documents.
This PR removes the usage that Task Manager makes of this field and switches to pinned queries to achieve a similar effect.
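As an added example (not Task Manager's or Kibana's own code), the pinned query DSL the message refers to, built by a small helper, plus a lint that walks a search body for `_id` used as a field in `sort`, `aggs` or `script` sections (the uses that depend on `_id` fielddata). The names `buildPinnedQuery`, `findIdFieldUses` and the sample bodies are illustrative assumptions.

```typescript
// Added example, not code from the Task Manager PR.
// A pinned query returns the listed ids first, in the given order, then the
// hits of the "organic" query, so a caller can promote specific documents
// without naming _id in a sort, aggregation or script.

type QueryDsl = Record<string, unknown>;

export interface PinnedQuery {
  pinned: { ids: string[]; organic: QueryDsl };
}

// Build a pinned query. Blank and duplicate ids are dropped; if nothing is
// left to pin, the organic query is returned unchanged.
export function buildPinnedQuery(
  pinnedIds: readonly string[],
  organic: QueryDsl
): PinnedQuery | QueryDsl {
  const ids = Array.from(
    new Set(pinnedIds.map((id) => id.trim()).filter((id) => id.length > 0))
  );
  if (ids.length === 0) {
    return organic;
  }
  return { pinned: { ids, organic } };
}

// Pre-upgrade lint: report JSON paths where `_id` is used as a field name
// inside sort / aggs / aggregations / script sections. The `ids` query and
// term queries on _id are left alone; only fielddata-style uses are flagged.
export function findIdFieldUses(body: unknown, path: string = "$"): string[] {
  const hits: string[] = [];
  const sections = new Set(["sort", "aggs", "aggregations", "script"]);

  const walk = (node: unknown, p: string, inSection: boolean): void => {
    if (Array.isArray(node)) {
      node.forEach((item, i) => walk(item, `${p}[${i}]`, inSection));
      return;
    }
    if (typeof node === "string") {
      // e.g. sort: ["_id"], terms: { field: "_id" }, script source "doc['_id']"
      if (inSection && (node === "_id" || node.includes("doc['_id']"))) {
        hits.push(p);
      }
      return;
    }
    if (node !== null && typeof node === "object") {
      for (const [key, value] of Object.entries(node as Record<string, unknown>)) {
        const childInSection = inSection || sections.has(key);
        // e.g. sort: [{ _id: "asc" }]
        if (inSection && key === "_id") {
          hits.push(`${p}.${key}`);
        }
        walk(value, `${p}.${key}`, childInSection);
      }
    }
  };

  walk(body, path, false);
  return hits;
}
```

`findIdFieldUses` is deliberately conservative: it only looks inside the sections where `_id` would need fielddata, so an `ids` query in the `query` section is not reported.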
* groups test by context
* renames 'openHostsAndStatsTables' to 'openStatsAndTables'
* replaces map method for forEach
* adds timeout for modal-inspect-close
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* shim of kbn_vislib_vis_types (now vis_type_vislib)
* Move vislib into vis_type_vislib plugin
* Convert remaining plugin files to typescript
* Rename vis to vis_type_vislib
## [SIEM] Overview Page "1.5"
A redesigned SIEM Overview page that includes `Recent timelines`, a `Security news` feed, visualizations, and rolled-up event counts
![overview-day](https://user-images.githubusercontent.com/4459398/72396016-90f53600-36f8-11ea-9b41-6d54d09de589.png)
![overview-night](https://user-images.githubusercontent.com/4459398/72394575-fb57a780-36f3-11ea-868e-8fcd2c5c4543.png)
### Overview enhancements
- Added the global Search bar and Date picker to the Overview page
- New `Recent timelines` widget affords quick access to favorite and recently modified timelines
- New `Security news` widget
- New Kibana advanced settings (toggle switch) for enabling or disabling the news widget and configuring the news URL
![news-settings](https://user-images.githubusercontent.com/4459398/72362776-fd4c4700-36b0-11ea-805b-3c7353f2c1cd.png)
- New `Events count by dataset` widget
- Updated the `Host Events` and `Network Events` widgets to integrate with the Search bar and date picker input
- Enhanced the `Host Events` and `Network Events` widgets to use an accordion paradigm that summarizes stats by source (e.g. `Auditbeat`, `Endgame`)
- Enhanced the `Host Events` and `Network Events` widgets to visualize relative percentages of events collected as progress bars
- New `Alerts count by category` widget
- New `Signals count by MITRE ATT&CK™ category` widget
- New `View events`, `View alerts`, and `View signals` navigation buttons for their respective visualizations
### FTUE enhancements
- FTUE "no data" view design refresh
![ftue](https://user-images.githubusercontent.com/4459398/72361771-43a0a680-36af-11ea-969f-5872ac4a01a1.png)
- When the FTUE "no data" page is displayed, hide all global navigation links (i.e. `Hosts`, `Network`, `Detection engine`), such that only `Overview` appears in the global nav
- App Help popover design refresh
![help](https://user-images.githubusercontent.com/4459398/72362132-d80b0900-36af-11ea-9b58-1fd3b923b7c8.png)
- Removed the `Beta` badge and `Security Information & Event Management with the Elastic Stack` from the Overview header
- Tested in Chrome `79.0.3945.117`, Firefox `72.0.1`, and Safari `13.0.4`
## Known issues
- The `siem:newsFeedUrl` advanced setting is defaulted to `https://feeds.elastic.co/kibana`
- The `Signals count by MITRE ATT&CK™ category` visualization does not display all categories
- The `Signals count by MITRE ATT&CK™ category` visualization may require a different index pattern
- `EuiButtonGroup` throwing a `Can't perform a React state update on an unmounted component` warning when switching from the Overview tab
https://github.com/elastic/siem-team/issues/484
* remove batch action on signals
* fix callback dependency bug
* open timeline in signals table + add a way to pick between signal and raw events in timeline
* add status on all rules
* fix i18n
* review I
* fix test
* Upgraded EUI to 18.0.0
* Fix breaks from `palette._.colors` changes
* snapshots
* Updated hard coded hex color codes in tests, fixed TS errors
* Updated a functional test's selector; added (BSD-3-Clause AND Apache-2.0) to license checker whitelist
* Functional test selector update
* Updated vega browser-ci tests for palette changes
* rebased on master
* One more location for EUI package number update and yarn lock
* Fixed lurking [but introduced] TypeScript logic bug
* Swap a prop definition for the same value but tied closer to its source
Co-authored-by: Caroline Horn <549577+cchaos@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Update spec conversion to exclude deprecated completions
* Update OSS spec
* Remove console.log
* Add skip deprecated endpoints option to script
* Actually, remove skip deprecated flag for now. Just do not include deprecated. See this issue: https://github.com/elastic/kibana/issues/48375
* x-pack: Delete data from transform completions
* Update to existing x-pack autocomplete extensions
* Added ml explain with overrides
* Added put trained model with doc override
* Added SLM get_status, start and stop with URL param overrides where needed
* Add data completion for clear scroll
* Remove include_type_name flag from indices and delete create.json override
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Add support for scripted fields and
default index pattern
* Add scripted fields and aliases to existence API
* Fix TypeScript errors.
* Fix mappings parsing
* Default to the index pattern timeFieldName
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This moves the beta badges for the ML integration tabs from the tabbed navigation bar into the primary headings of the respective setup and result pages.
* wip: initialize newJobCaps service in parent element
* wip: use jobCaps service to create columns
* add render and types to table columns
* add keyword suffix when constructing query. ensure pagination works
* Ensure search query and sorting works
* wip: update regression table to use jobCaps api
* move shared resources to central location
* ensure 0 and false values show up in table
* add error handling to jobCaps initialization
* ensure outlier detection table can toggle columns
* check for undefined before using moment to create date
* add tests for fix for getNestedProperty
* Working status updates in executor. Need to update read rules api endpoint to only respond with 'status' and not status info. Will create another endpoint to get status details for a rule which will include last five errors (if there are any). Still need tests
* adds new route for getting statuses for a list of given alert ids, adds try-catch and more logic in executor for logging errors, adds scripts and rules for testing, updates find_rules endpoint to display statuses too. Would like to look into using the alerts executor state to better manage logic for statuses, and need to update some types. Also needs unit tests still.
* updated types for routes, updated how merging of alert-to-rule and rule status happens when formatting REST response.
* typecast test server as ServerFacade type
* fix bug where we were not awaiting the accumulated result in the reducer
* update rule status saved object interfaces to play nicely with interfaces provided by saved objects module. Update tests to pass - Need to write new unit tests in an upcoming commit. Next commit will be cleanup from comments then new unit tests.
* fix missed conflicts after rebase
* replace id param with rule.id when searching in statuses, adds sort fields to the saved objects find queries.
* fixes bug where 'executing' statuses were being written into failing historical status list
* camelCase to snake_case in new statuses route, also fix merge conflict
* add deletion of rule statuses to delete_rules_bulk_route. Statuses are created inside of executor so we will not be needing to create statuses directly inside of the create rules bulk route, so I removed that extraneous code.
* pr feedback I forgot to fix earlier
* remove unused import. fixes type check error generated in previous commit
* removes status information from rule when saved to signals index and updates tests to represent this change. Also removes extraneous quotes inserted around alertId field when creating a new historical status.
* adds new bash script to delete all rule statuses, updates error messages in rule statuses to just store actual message, moved querying of rules statuses under a null check, initialize everything to null when first creating rule status, update number of results returned when querying saved objects based on usage, updates saved objects mapping types to use date for dates and keyword for alertId.
* use lodash snake case and update total number of saved objects to return for find rules, delete rules, and read rules.
* updates how statuses are transformed inside of read_rules_route, only update updated_at in rule on update of rule, removes unlabeled todo comment, updates scripts descriptions, removes interval from query_with_rule_id.json sample query, removes debug statement, removes verbose from curl script.
* display rule status on update
This reduces the panel paddings on the log rate and categorization result tabs from `l` to `m` as per elastic/logs#7 and brings a title padding in line with the rest.
In elastic/apm-server/pull/3096, an alternative to stacktrace.filename was introduced: stacktrace.classname. This change makes sure classname is properly represented in the UI and in our types.