## Summary
Fixes: https://github.com/elastic/kibana/issues/82148
We have errors and do not generate a signal when a source index already has utilized and reserved the "signal" field for their own data purposes. This fix is a bit tricky and has one medium sized risk which is we also support "signals generated on top of existing signals". Therefore we have to be careful and do a small runtime detection of the "data shape" of the signal's data type. If it looks like the user is using the "signal" field within their mapping instead of us, we move the customer's signal into "original_signal" inside our "signal" structure we create when we copy their data set when creating a signal.
To help mitigate the risks associated with this critical bug with regards to breaking signals on top of signals I have:
* This adds unit tests
* This adds end to end tests for testing generating signals including signals on signals to help mitigate risk
The key test for this shape in the PR are in the file:
```
detection_engine/signals/build_event_type_signal.ts
```
like so:
```ts
export const isEventTypeSignal = (doc: BaseSignalHit): boolean => {
return doc._source.signal?.rule?.id != null && typeof doc._source.signal?.rule?.id === 'string';
};
```
Example of what happens when it does a "move" of an existing numeric signal keyword type:
```ts
# This causes a clash with us using the name signal as a numeric.
PUT clashing-index/_doc/1
{
"@timestamp": "2020-10-28T05:08:53.000Z",
"signal": 1
}
```
Before, this was an error. With this PR it now will restructure this data like so when creating a signal along with additional signal ancestor information, meta data. I omitted some of the data from the output signal for this example.
```ts
{
... Other data copied ...
"signal":
{
"original_signal": 1 <--- We "move it" here now
"parents":
[
{
"id": "BhbXBmkBR346wHgn4PeZ",
"type": "event",
"index": "your-index-name",
"depth": 0
},
],
"ancestors":
[
{
"id": "BhbXBmkBR346wHgn4PeZ",
"type": "event",
"index": "your-index-name",
"depth": 0
},
],
"status": "open",
"depth": 1,
"parent":
{
"id": "BhbXBmkBR346wHgn4PeZ",
type: "event",
"index": "your-index-name",
"depth": 0
},
"original_time": "2019-02-19T17:40:03.790Z",
"original_event":
{
"action": "socket_closed",
"dataset": "socket",
"kind": "event",
"module": "system"
},
}
```
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* Add ILM url generator and use in IM for cross linking to policy edit page
* Fix policy name in the link
* Add review suggestions
* Fix import
* Fix eslint error
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Adding action group id to event log. Showing action group as part of status in alert details view
* Simplifying getting action group id
* Cleanup
* Adding unit tests
* Updating functional tests
* Updating test
* Fix types check
* Updating test
* PR fixes
* PR fixes
* Add steps to migrate from a legacy kibana index
* Clarify data loss from legacy index to alias with same name
* Use aliases api to safely add a .kibana alias to a legacy index
* try to keep timeline context when switching tabs
* fix popover
* simpler solution to keep timelien context between tabs
* fix timeline context with relative date
* allow update on the kql bar when opening new timeline
* keep detail view in context when savedObjectId of the timeline does not chnage
* remove redux solution and just KISS it
* add unit test for the popover
* add test on timeline context cache
* final commit -> to fix context of timeline between tabs
* keep timerange kind to absolute when refreshing
* fix bug today/thiw week to be absolute and not relative
* add unit test for absolute date for today and this week
* fix absolute today/this week on timeline
* fix refresh between page and timeline when link
* clean up
* remove nit
Co-authored-by: Patryk Kopycinski <contact@patrykkopycinski.com>
## Summary
Move logic from `getBufferExtractorForContentType` into `getBufferExtractor` & change the interface so one function can be used.
### Diff showing old vs new call
```diff
- getBufferExtractorForContentType(contentType);
+ getBufferExtractor({ contentType });
```
```diff
- getBufferExtractor(archivePath);
+ getBufferExtractor({ archivePath });
```
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* Fix tests failing for route files that have more than 2 router registrations of the same method
- This fix allows us to specify the route call we're testing via a path param
* Update all existing uses of MockRouter to pass path param
* Add helpful error messaging
- e.g., in case a path gets typoed
* [Setup] Update routes + role privileges
Routes: use generatePath to better match ent-search
Roles: We're using "Search UI" in the nav copy now, so we should update our vars accordingly
* Add new EngineNav and EngineRouter components
* Update existing components to use new EngineRouter/EngineNav
* Add App Search engine label & new SideNavItem component
* Add EngineRouter breadcrumbs
* [Refactor] DRY out i18n constants
* Move NAV constants to top level
This was only needed locally in Groups but we can to store all nav constants in the global constants file
* Extract remaining nav constants
* Fix links to NAV in routers
* Use constant for path
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
In kibana#82475 we prevented the update of crypto-policies as it's
currently not compatible with libnss. This recent latest tag includes
the crypto-policies which we need to avoid for now.
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Remove validation from groups route responses
Since this is a migration of known good endpoints, these aren’t necessary.
* Add tests for groups routes
* Remove unused types
* Remove registerWSGroupRoutes from groups test
This was removed in another commit and is no longer needed
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Adding better documentation for required RBAC settings for alerting
* Bolding feature name and spelling out ampersand
* clarifying explanation of action privileges needed
